formreader-session-timeout 0.2.3 → 0.2.4

package/dist/index.d.ts

@@ -17,6 +17,8 @@ interface SessionConfig {
     refreshEndpoint: string;
     /** Endpoint to call for logout */
     logoutEndpoint: string;
+    /** Whether to track idle time */
+    trackIdleTime?: boolean;
     /** Whether to show idle warning dialog */
     showIdleWarning: boolean;
     /** Time before idle timeout to show warning (milliseconds) */
@@ -27,6 +29,8 @@ interface SessionConfig {
     onIdle?: () => void;
     /** Callback when session has expired */
     onSessionExpired?: () => void;
+    /** Callback when user logs out */
+    onLogout?: () => void;
     /** Callback on refresh success */
     onRefreshSuccess?: () => void;
     /** Callback on refresh failure */
@@ -41,10 +45,20 @@ interface SessionConfig {
             data: any;
         }>;
     };
-    /** Custom function to format the refresh request payload. Allows you to define exactly what data is sent to your API. */
-    refreshPayloadFormatter?: (token: string) => Record<string, any>;
-    /** Custom function to format the logout request payload. Allows you to define exactly what data is sent to your API. */
+    /** Custom function to format the refresh request payload */
+    refreshPayloadFormatter?: (token: string, refreshToken: string) => Record<string, any>;
+    /** Custom function to format the logout request payload */
     logoutPayloadFormatter?: (token: string) => Record<string, any>;
+    /** Which field in login response contains access token (default: 'access') */
+    accessTokenField?: string;
+    /** Which field in login response contains refresh token (default: 'refresh') */
+    refreshTokenField?: string;
+    /** Which field in refresh response contains new access token (default: 'access') */
+    refreshAccessTokenField?: string;
+    /** Which field in refresh response contains new refresh token (default: 'refresh') */
+    refreshRefreshTokenField?: string;
+    /** Whether to store refresh token separately (default: true) */
+    storeRefreshToken?: boolean;
 }
 interface JWTPayload {
     exp: number;
@@ -77,6 +91,7 @@ declare const DEFAULT_SESSION_CONFIG: SessionConfig;
 /**
  * Session Manager Service
  * Manages token refresh, idle tracking, and session lifecycle
+ * Supports configurable token response field mapping
  */
 
 declare class SessionManager {
@@ -90,15 +105,16 @@ declare class SessionManager {
     private requestDeduplication;
     constructor(config: Partial<SessionConfig>);
     /**
-     * Initialize session management
+     * Initialize session management with optional login response
+     * Extracts and stores tokens from login response using configured field names
      */
-    init(): void;
+    init(loginResponse?: any): void;
     /**
      * Setup token refresh before expiry
      */
     private setupTokenRefresh;
     /**
-     * Setup idle activity tracking
+     * Setup idle tracking with activity listeners
      */
     private setupIdleTracking;
     /**
@@ -106,27 +122,23 @@ declare class SessionManager {
      */
     private setupMaxSessionDuration;
     /**
-     * Refresh token
+     * Refresh token using stored refresh token
      */
     refreshToken(): Promise<boolean>;
     /**
-     * Logout and cleanup
+     * Manual logout
      */
     logout(): Promise<void>;
     /**
-     * Extend session (reset idle timer)
+     * Check if session is active
      */
-    extendSession(): void;
+    isActive(): boolean;
     /**
      * Get current state
      */
     getState(): SessionState;
     /**
-     * Get current config
-     */
-    getConfig(): SessionConfig;
-    /**
-     * Update config
+     * Update config at runtime
      */
     updateConfig(newConfig: Partial<SessionConfig>): void;
     /**
@@ -171,48 +183,57 @@ declare function isTokenExpired(token: string, bufferMs?: number): boolean;
  */
 declare function getTimeUntilExpiry(token: string): number;
 /**
- * Extract token from storage
+ * Extract token from storage (access token)
  */
 declare function getStoredToken(): string | null;
+/**
+ * Extract refresh token from storage
+ */
+declare function getStoredRefreshToken(): string | null;
 /**
  * Store token in appropriate storage
  */
 declare function storeToken(token: string, persistent?: boolean): void;
 /**
- * Clear stored token
+ * Store refresh token in appropriate storage
+ */
+declare function storeRefreshToken(token: string, persistent?: boolean): void;
+/**
+ * Clear all tokens from storage
  */
 declare function clearToken(): void;
 /**
- * Validate token structure and expiry
+ * Validate token structure
  */
-declare function validateToken(token: string): {
-    valid: boolean;
-    error?: string;
-};
+declare function validateToken(token: string): boolean;
 
 /**
  * useSessionTimeout Hook
- * React hook for session timeout management in components
+ * React hook for managing session timeout
  */
 
-interface UseSessionTimeoutOptions {
-    config?: Partial<SessionConfig>;
-    enabled?: boolean;
-    onSessionExpiring?: () => void;
-    onSessionExpired?: () => void;
-    onIdle?: () => void;
-    onRefreshSuccess?: () => void;
+interface UseSessionTimeoutOptions extends Partial<SessionConfig> {
+    /**
+     * Optional login response from your authentication endpoint
+     * Used to extract tokens from response if provided
+     */
+    loginResponse?: any;
+    /**
+     * Whether to automatically initialize on mount
+     */
+    autoInit?: boolean;
 }
 declare function useSessionTimeout(options?: UseSessionTimeoutOptions): {
-    sessionState: SessionState;
-    timeUntilExpiry: any;
+    isActive: boolean;
+    isIdle: boolean;
+    isRefreshing: boolean;
+    refreshAttempts: number;
+    timeUntilTimeout: number;
     timeUntilIdle: number;
-    idleWarningVisible: boolean;
-    extendSession: () => void;
+    error: Error;
     refreshToken: () => Promise<boolean>;
     logout: () => Promise<void>;
-    updateConfig: (newConfig: Partial<SessionConfig>) => void;
-    manager: SessionManager;
+    dismissIdleWarning: () => void;
 };
 
 /**
@@ -221,4 +242,4 @@ declare function useSessionTimeout(options?: UseSessionTimeoutOptions): {
  */
 declare function SessionStatus(): react_jsx_runtime.JSX.Element;
 
-export { DEFAULT_SESSION_CONFIG, JWTPayload, RefreshTokenResponse, SessionConfig, SessionManager, SessionState, SessionStatus, TokenInfo, UseSessionTimeoutOptions, clearToken, getSessionManager, getStoredToken, getTimeUntilExpiry, getTokenInfo, isTokenExpired, resetSessionManager, storeToken, useSessionTimeout, validateToken };
+export { DEFAULT_SESSION_CONFIG, JWTPayload, RefreshTokenResponse, SessionConfig, SessionManager, SessionState, SessionStatus, TokenInfo, UseSessionTimeoutOptions, clearToken, getSessionManager, getStoredRefreshToken, getStoredToken, getTimeUntilExpiry, getTokenInfo, isTokenExpired, resetSessionManager, storeRefreshToken, storeToken, useSessionTimeout, validateToken };

package/dist/index.js

@@ -24,11 +24,13 @@ __export(session_timeout_exports, {
   SessionStatus: () => SessionStatus,
   clearToken: () => clearToken,
   getSessionManager: () => getSessionManager,
+  getStoredRefreshToken: () => getStoredRefreshToken,
   getStoredToken: () => getStoredToken,
   getTimeUntilExpiry: () => getTimeUntilExpiry,
   getTokenInfo: () => getTokenInfo,
   isTokenExpired: () => isTokenExpired,
   resetSessionManager: () => resetSessionManager,
+  storeRefreshToken: () => storeRefreshToken,
   storeToken: () => storeToken,
   useSessionTimeout: () => useSessionTimeout,
   validateToken: () => validateToken
@@ -47,11 +49,17 @@ var DEFAULT_SESSION_CONFIG = {
   // 8 hours max
   refreshEndpoint: "/auth/refresh/",
   logoutEndpoint: "/auth/logout/",
+  trackIdleTime: true,
   showIdleWarning: true,
   idleWarningThresholdMs: 2 * 60 * 1e3,
   // 2 minutes before idle timeout
   autoRefresh: true,
-  debug: false
+  debug: false,
+  accessTokenField: "access",
+  refreshTokenField: "refresh",
+  refreshAccessTokenField: "access",
+  refreshRefreshTokenField: "refresh",
+  storeRefreshToken: true
 };
 
 // services/tokenService.ts
@@ -101,34 +109,25 @@ function getTimeUntilExpiry(token) {
 function getStoredToken() {
   return sessionStorage.getItem("authToken") || localStorage.getItem("authToken");
 }
+function getStoredRefreshToken() {
+  return sessionStorage.getItem("refreshToken") || localStorage.getItem("refreshToken");
+}
 function storeToken(token, persistent = false) {
-  if (persistent) {
-    localStorage.setItem("authToken", token);
-    sessionStorage.removeItem("authToken");
-  } else {
-    sessionStorage.setItem("authToken", token);
-    localStorage.removeItem("authToken");
-  }
+  const storage = persistent ? localStorage : sessionStorage;
+  storage.setItem("authToken", token);
+}
+function storeRefreshToken(token, persistent = false) {
+  const storage = persistent ? localStorage : sessionStorage;
+  storage.setItem("refreshToken", token);
 }
 function clearToken() {
   sessionStorage.removeItem("authToken");
   localStorage.removeItem("authToken");
+  sessionStorage.removeItem("refreshToken");
+  localStorage.removeItem("refreshToken");
 }
 function validateToken(token) {
-  if (!token || typeof token !== "string") {
-    return { valid: false, error: "Token is missing or invalid" };
-  }
-  const payload = decodeJWT(token);
-  if (!payload) {
-    return { valid: false, error: "Failed to decode token" };
-  }
-  if (!payload.exp) {
-    return { valid: false, error: "Token missing expiry time" };
-  }
-  if (isTokenExpired(token)) {
-    return { valid: false, error: "Token has expired" };
-  }
-  return { valid: true };
+  return decodeJWT(token) !== null;
 }
 
 // services/sessionManager.ts
@@ -149,6 +148,20 @@ function defaultFetchClient() {
     }
   };
 }
+function extractTokenFromResponse(response, fieldName = "access") {
+  if (!response)
+    return null;
+  const parts = fieldName.split(".");
+  let value = response;
+  for (const part of parts) {
+    if (value && typeof value === "object") {
+      value = value[part];
+    } else {
+      return null;
+    }
+  }
+  return typeof value === "string" ? value : null;
+}
 var SessionManager = class {
   constructor(config) {
     this.refreshTimer = null;
@@ -171,17 +184,29 @@ var SessionManager = class {
     this.log("SessionManager initialized with config:", this.config);
   }
   /**
-   * Initialize session management
+   * Initialize session management with optional login response
+   * Extracts and stores tokens from login response using configured field names
    */
-  init() {
-    const token = getStoredToken();
+  init(loginResponse) {
+    const token = loginResponse ? extractTokenFromResponse(loginResponse, this.config.accessTokenField || "access") : getStoredToken();
     if (!token) {
       this.log("No token found, session not initialized");
       return;
     }
+    storeToken(token);
+    if (this.config.storeRefreshToken && loginResponse) {
+      const refreshToken = extractTokenFromResponse(
+        loginResponse,
+        this.config.refreshTokenField || "refresh"
+      );
+      if (refreshToken) {
+        storeRefreshToken(refreshToken);
+        this.log("Refresh token stored");
+      }
+    }
     const validation = validateToken(token);
-    if (!validation.valid) {
-      this.log("Invalid token:", validation.error);
+    if (!validation) {
+      this.log("Invalid token");
       this.logout();
       return;
     }
@@ -201,43 +226,33 @@ var SessionManager = class {
       return;
     const timeUntilExpiry = getTimeUntilExpiry(token);
     const refreshAt = Math.max(0, timeUntilExpiry - this.config.refreshThresholdMs);
-    this.log(`Token expires in ${timeUntilExpiry}ms, will refresh in ${refreshAt}ms`);
     if (this.refreshTimer) {
       clearTimeout(this.refreshTimer);
     }
-    if (this.config.autoRefresh && refreshAt > 0) {
-      this.refreshTimer = setTimeout(() => {
-        this.log("Scheduled token refresh triggered");
-        this.refreshToken();
-      }, refreshAt);
-    } else if (refreshAt <= 0 && this.config.autoRefresh) {
-      this.log("Token near expiry, refreshing immediately");
+    this.refreshTimer = setTimeout(() => {
+      this.log("Token refresh threshold reached, triggering refresh");
       this.refreshToken();
-    }
+    }, refreshAt);
+    this.log(`Token refresh scheduled in ${refreshAt}ms`);
   }
   /**
-   * Setup idle activity tracking
+   * Setup idle tracking with activity listeners
    */
   setupIdleTracking() {
-    const events = ["mousedown", "keydown", "scroll", "touchstart", "click"];
+    if (!this.config.trackIdleTime)
+      return;
     const handleActivity = () => {
       this.state.lastActivityTime = Date.now();
       this.state.isIdle = false;
       this.emit("activity");
-      if (this.idleTimer) {
-        clearTimeout(this.idleTimer);
-      }
-      this.idleTimer = setTimeout(() => {
-        var _a, _b;
-        this.state.isIdle = true;
-        this.emit("idle");
-        this.log("User idle timeout triggered");
-        (_b = (_a = this.config).onIdle) == null ? void 0 : _b.call(_a);
-      }, this.config.idleTimeoutMs);
     };
+    const events = ["mousedown", "keydown", "scroll", "touchstart", "click"];
     events.forEach((event) => {
-      window.addEventListener(event, handleActivity, { passive: true });
+      window.addEventListener(event, handleActivity, true);
     });
+    if (this.idleTimer) {
+      clearTimeout(this.idleTimer);
+    }
     this.idleTimer = setTimeout(() => {
       var _a, _b;
       this.state.isIdle = true;
@@ -269,7 +284,7 @@ var SessionManager = class {
     }, this.config.maxSessionDurationMs);
   }
   /**
-   * Refresh token
+   * Refresh token using stored refresh token
    */
   async refreshToken() {
     var _a, _b, _c, _d;
@@ -279,23 +294,49 @@ var SessionManager = class {
     }
     this.state.isRefreshing = true;
     this.state.refreshAttempts++;
-    const token = getStoredToken();
-    if (!token) {
+    const accessToken = getStoredToken();
+    const refreshToken = getStoredRefreshToken();
+    if (!accessToken && !refreshToken) {
       this.state.isRefreshing = false;
       return false;
     }
     try {
       this.log(`Refreshing token (attempt ${this.state.refreshAttempts})`);
       const client = this.config.httpClient || defaultFetchClient();
-      const refreshPayload = this.config.refreshPayloadFormatter ? this.config.refreshPayloadFormatter(token) : { token };
-      const refreshPromise = client.post(this.config.refreshEndpoint, refreshPayload, { headers: { Authorization: `Bearer ${token}` } });
+      const refreshPayload = this.config.refreshPayloadFormatter ? this.config.refreshPayloadFormatter(accessToken || "", refreshToken || "") : {
+        refresh: refreshToken || accessToken,
+        token: accessToken
+      };
+      const refreshPromise = client.post(
+        this.config.refreshEndpoint,
+        refreshPayload,
+        {
+          headers: {
+            Authorization: `Bearer ${accessToken || refreshToken}`
+          }
+        }
+      );
       this.requestDeduplication.set("refresh", refreshPromise);
       const response = await refreshPromise;
-      const newToken = response.data.token || response.data.access_token;
-      if (!newToken) {
-        throw new Error("No token in refresh response");
+      const responseData = response.data;
+      const newAccessToken = extractTokenFromResponse(
+        responseData,
+        this.config.refreshAccessTokenField || "access"
+      );
+      if (!newAccessToken) {
+        throw new Error("No access token in refresh response");
+      }
+      storeToken(newAccessToken);
+      if (this.config.storeRefreshToken) {
+        const newRefreshToken = extractTokenFromResponse(
+          responseData,
+          this.config.refreshRefreshTokenField || "refresh"
+        );
+        if (newRefreshToken) {
+          storeRefreshToken(newRefreshToken);
+          this.log("Refresh token updated");
+        }
       }
-      storeToken(newToken);
       this.state.isRefreshing = false;
       this.state.refreshAttempts = 0;
       this.requestDeduplication.delete("refresh");
@@ -317,41 +358,34 @@ var SessionManager = class {
     }
   }
   /**
-   * Logout and cleanup
+   * Manual logout
    */
   async logout() {
     var _a, _b;
+    this.log("Logging out");
     try {
       const token = getStoredToken();
-      if (token) {
+      if (token && this.config.logoutEndpoint) {
         const client = this.config.httpClient || defaultFetchClient();
         const logoutPayload = this.config.logoutPayloadFormatter ? this.config.logoutPayloadFormatter(token) : { token };
-        await client.post(this.config.logoutEndpoint, logoutPayload, { headers: { Authorization: `Bearer ${token}` } });
+        await client.post(this.config.logoutEndpoint, logoutPayload, {
+          headers: { Authorization: `Bearer ${token}` }
+        });
       }
     } catch (error) {
-      this.log("Logout API call failed:", error);
+      this.log("Logout request failed:", error);
     }
-    this.cleanup();
-    this.state.isActive = false;
-    this.emit("loggedOut");
-    (_b = (_a = this.config).onSessionExpired) == null ? void 0 : _b.call(_a);
     clearToken();
+    this.state.isActive = false;
+    this.emit("logout");
+    (_b = (_a = this.config).onLogout) == null ? void 0 : _b.call(_a);
+    this.cleanup();
   }
   /**
-   * Extend session (reset idle timer)
+   * Check if session is active
    */
-  extendSession() {
-    this.state.lastActivityTime = Date.now();
-    this.state.isIdle = false;
-    if (this.idleTimer) {
-      clearTimeout(this.idleTimer);
-    }
-    this.idleTimer = setTimeout(() => {
-      this.state.isIdle = true;
-      this.emit("idle");
-    }, this.config.idleTimeoutMs);
-    this.log("Session extended");
-    this.emit("sessionExtended");
+  isActive() {
+    return this.state.isActive;
   }
   /**
    * Get current state
@@ -360,13 +394,7 @@ var SessionManager = class {
     return { ...this.state };
   }
   /**
-   * Get current config
-   */
-  getConfig() {
-    return { ...this.config };
-  }
-  /**
-   * Update config
+   * Update config at runtime
    */
   updateConfig(newConfig) {
     this.config = { ...this.config, ...newConfig };
@@ -459,119 +487,97 @@ function resetSessionManager() {
 // hooks/useSessionTimeout.ts
 var import_react = require("react");
 function useSessionTimeout(options = {}) {
-  const {
-    config,
-    enabled = true,
-    onSessionExpiring,
-    onSessionExpired,
-    onIdle,
-    onRefreshSuccess
-  } = options;
-  const [sessionState, setSessionState] = (0, import_react.useState)({
+  const [state, setState] = (0, import_react.useState)({
     isActive: false,
     isIdle: false,
     lastActivityTime: Date.now(),
     refreshAttempts: 0,
     isRefreshing: false
   });
-  const [timeUntilIdle, setTimeUntilIdle] = (0, import_react.useState)(null);
-  const [idleWarningVisible, setIdleWarningVisible] = (0, import_react.useState)(false);
+  const [error, setError] = (0, import_react.useState)(null);
+  const [timeUntilTimeout, setTimeUntilTimeout] = (0, import_react.useState)(0);
+  const [timeUntilIdle, setTimeUntilIdle] = (0, import_react.useState)(0);
   const managerRef = (0, import_react.useRef)(null);
-  const unsubscribeRef = (0, import_react.useRef)(/* @__PURE__ */ new Map());
+  const updateTimerRef = (0, import_react.useRef)(null);
   (0, import_react.useEffect)(() => {
-    if (!enabled)
-      return;
-    const manager = getSessionManager({
-      ...config,
-      onSessionExpiring,
-      onSessionExpired,
-      onIdle,
-      onRefreshSuccess
-    });
+    const { loginResponse, autoInit, ...config } = options;
+    const manager = getSessionManager(config);
     managerRef.current = manager;
-    const subscriptions = /* @__PURE__ */ new Map();
-    subscriptions.set(
-      "initialized",
-      manager.on("initialized", () => {
-        setSessionState(manager.getState());
-      })
-    );
-    subscriptions.set(
-      "tokenRefreshed",
-      manager.on("tokenRefreshed", () => {
-        setSessionState(manager.getState());
-      })
-    );
-    subscriptions.set(
-      "idle",
-      manager.on("idle", () => {
-        setSessionState(manager.getState());
-      })
-    );
-    subscriptions.set(
-      "activity",
-      manager.on("activity", () => {
-        setSessionState(manager.getState());
-        setIdleWarningVisible(false);
-      })
-    );
-    subscriptions.set(
-      "idleWarning",
-      manager.on("idleWarning", (data) => {
-        setIdleWarningVisible(true);
-        setTimeUntilIdle(data.timeRemaining);
-      })
-    );
-    subscriptions.set(
-      "loggedOut",
-      manager.on("loggedOut", () => {
-        setSessionState(manager.getState());
-      })
-    );
-    unsubscribeRef.current = subscriptions;
-    manager.init();
+    const unsubscribeInitialized = manager.on("initialized", () => {
+      setState(manager.getState());
+    });
+    const unsubscribeTokenRefreshed = manager.on("tokenRefreshed", () => {
+      setState(manager.getState());
+    });
+    const unsubscribeRefreshFailed = manager.on("refreshFailed", (error2) => {
+      setError(error2);
+      setState(manager.getState());
+    });
+    const unsubscribeLogout = manager.on("logout", () => {
+      setState(manager.getState());
+    });
+    const unsubscribeIdle = manager.on("idle", () => {
+      setState(manager.getState());
+    });
+    const unsubscribeIdleWarning = manager.on("idleWarning", (data) => {
+      setTimeUntilIdle(data.timeRemaining);
+    });
+    const unsubscribeActivity = manager.on("activity", () => {
+      setTimeUntilIdle(0);
+    });
+    if (autoInit !== false && (autoInit === true || loginResponse)) {
+      manager.init(loginResponse);
+    }
     return () => {
-      subscriptions.forEach((unsub) => unsub());
-      unsubscribeRef.current.clear();
+      unsubscribeInitialized();
+      unsubscribeTokenRefreshed();
+      unsubscribeRefreshFailed();
+      unsubscribeLogout();
+      unsubscribeIdle();
+      unsubscribeIdleWarning();
+      unsubscribeActivity();
     };
-  }, [enabled, config, onSessionExpiring, onSessionExpired, onIdle, onRefreshSuccess]);
+  }, [options]);
   (0, import_react.useEffect)(() => {
-    if (!enabled || !sessionState.isActive)
+    var _a;
+    if (!((_a = managerRef.current) == null ? void 0 : _a.isActive())) {
       return;
-    const interval = setInterval(() => {
-      const manager = managerRef.current;
-      if (manager) {
-        setSessionState(manager.getState());
+    }
+    const updateCountdown = () => {
+      setState(managerRef.current.getState());
+    };
+    updateTimerRef.current = setInterval(updateCountdown, 1e3);
+    return () => {
+      if (updateTimerRef.current) {
+        clearInterval(updateTimerRef.current);
       }
-    }, 5e3);
-    return () => clearInterval(interval);
-  }, [enabled, sessionState.isActive]);
-  const extendSession = (0, import_react.useCallback)(() => {
-    var _a;
-    (_a = managerRef.current) == null ? void 0 : _a.extendSession();
+    };
   }, []);
   const refreshToken = (0, import_react.useCallback)(async () => {
-    var _a;
-    return (_a = managerRef.current) == null ? void 0 : _a.refreshToken();
+    if (managerRef.current) {
+      return managerRef.current.refreshToken();
+    }
+    return false;
   }, []);
   const logout = (0, import_react.useCallback)(async () => {
-    var _a;
-    return (_a = managerRef.current) == null ? void 0 : _a.logout();
+    if (managerRef.current) {
+      return managerRef.current.logout();
+    }
   }, []);
-  const updateConfig = (0, import_react.useCallback)((newConfig) => {
-    var _a;
-    (_a = managerRef.current) == null ? void 0 : _a.updateConfig(newConfig);
+  const dismissIdleWarning = (0, import_react.useCallback)(() => {
+    setTimeUntilIdle(0);
   }, []);
   return {
-    sessionState,
-    timeUntilExpiry: null,
+    isActive: state.isActive,
+    isIdle: state.isIdle,
+    isRefreshing: state.isRefreshing,
+    refreshAttempts: state.refreshAttempts,
+    timeUntilTimeout,
     timeUntilIdle,
-    idleWarningVisible,
-    extendSession,
+    error,
     refreshToken,
     logout,
-    updateConfig,
-    manager: managerRef.current
+    dismissIdleWarning
   };
 }
 
@@ -623,11 +629,13 @@ function SessionStatus() {
   SessionStatus,
   clearToken,
   getSessionManager,
+  getStoredRefreshToken,
   getStoredToken,
   getTimeUntilExpiry,
   getTokenInfo,
   isTokenExpired,
   resetSessionManager,
+  storeRefreshToken,
   storeToken,
   useSessionTimeout,
   validateToken

package/dist/index.mjs

@@ -10,11 +10,17 @@ var DEFAULT_SESSION_CONFIG = {
   // 8 hours max
   refreshEndpoint: "/auth/refresh/",
   logoutEndpoint: "/auth/logout/",
+  trackIdleTime: true,
   showIdleWarning: true,
   idleWarningThresholdMs: 2 * 60 * 1e3,
   // 2 minutes before idle timeout
   autoRefresh: true,
-  debug: false
+  debug: false,
+  accessTokenField: "access",
+  refreshTokenField: "refresh",
+  refreshAccessTokenField: "access",
+  refreshRefreshTokenField: "refresh",
+  storeRefreshToken: true
 };
 
 // services/tokenService.ts
@@ -64,34 +70,25 @@ function getTimeUntilExpiry(token) {
 function getStoredToken() {
   return sessionStorage.getItem("authToken") || localStorage.getItem("authToken");
 }
+function getStoredRefreshToken() {
+  return sessionStorage.getItem("refreshToken") || localStorage.getItem("refreshToken");
+}
 function storeToken(token, persistent = false) {
-  if (persistent) {
-    localStorage.setItem("authToken", token);
-    sessionStorage.removeItem("authToken");
-  } else {
-    sessionStorage.setItem("authToken", token);
-    localStorage.removeItem("authToken");
-  }
+  const storage = persistent ? localStorage : sessionStorage;
+  storage.setItem("authToken", token);
+}
+function storeRefreshToken(token, persistent = false) {
+  const storage = persistent ? localStorage : sessionStorage;
+  storage.setItem("refreshToken", token);
 }
 function clearToken() {
   sessionStorage.removeItem("authToken");
   localStorage.removeItem("authToken");
+  sessionStorage.removeItem("refreshToken");
+  localStorage.removeItem("refreshToken");
 }
 function validateToken(token) {
-  if (!token || typeof token !== "string") {
-    return { valid: false, error: "Token is missing or invalid" };
-  }
-  const payload = decodeJWT(token);
-  if (!payload) {
-    return { valid: false, error: "Failed to decode token" };
-  }
-  if (!payload.exp) {
-    return { valid: false, error: "Token missing expiry time" };
-  }
-  if (isTokenExpired(token)) {
-    return { valid: false, error: "Token has expired" };
-  }
-  return { valid: true };
+  return decodeJWT(token) !== null;
 }
 
 // services/sessionManager.ts
@@ -112,6 +109,20 @@ function defaultFetchClient() {
     }
   };
 }
+function extractTokenFromResponse(response, fieldName = "access") {
+  if (!response)
+    return null;
+  const parts = fieldName.split(".");
+  let value = response;
+  for (const part of parts) {
+    if (value && typeof value === "object") {
+      value = value[part];
+    } else {
+      return null;
+    }
+  }
+  return typeof value === "string" ? value : null;
+}
 var SessionManager = class {
   constructor(config) {
     this.refreshTimer = null;
@@ -134,17 +145,29 @@ var SessionManager = class {
     this.log("SessionManager initialized with config:", this.config);
   }
   /**
-   * Initialize session management
+   * Initialize session management with optional login response
+   * Extracts and stores tokens from login response using configured field names
    */
-  init() {
-    const token = getStoredToken();
+  init(loginResponse) {
+    const token = loginResponse ? extractTokenFromResponse(loginResponse, this.config.accessTokenField || "access") : getStoredToken();
     if (!token) {
       this.log("No token found, session not initialized");
       return;
     }
+    storeToken(token);
+    if (this.config.storeRefreshToken && loginResponse) {
+      const refreshToken = extractTokenFromResponse(
+        loginResponse,
+        this.config.refreshTokenField || "refresh"
+      );
+      if (refreshToken) {
+        storeRefreshToken(refreshToken);
+        this.log("Refresh token stored");
+      }
+    }
     const validation = validateToken(token);
-    if (!validation.valid) {
-      this.log("Invalid token:", validation.error);
+    if (!validation) {
+      this.log("Invalid token");
       this.logout();
       return;
     }
@@ -164,43 +187,33 @@ var SessionManager = class {
       return;
     const timeUntilExpiry = getTimeUntilExpiry(token);
     const refreshAt = Math.max(0, timeUntilExpiry - this.config.refreshThresholdMs);
-    this.log(`Token expires in ${timeUntilExpiry}ms, will refresh in ${refreshAt}ms`);
     if (this.refreshTimer) {
       clearTimeout(this.refreshTimer);
     }
-    if (this.config.autoRefresh && refreshAt > 0) {
-      this.refreshTimer = setTimeout(() => {
-        this.log("Scheduled token refresh triggered");
-        this.refreshToken();
-      }, refreshAt);
-    } else if (refreshAt <= 0 && this.config.autoRefresh) {
-      this.log("Token near expiry, refreshing immediately");
+    this.refreshTimer = setTimeout(() => {
+      this.log("Token refresh threshold reached, triggering refresh");
       this.refreshToken();
-    }
+    }, refreshAt);
+    this.log(`Token refresh scheduled in ${refreshAt}ms`);
   }
   /**
-   * Setup idle activity tracking
+   * Setup idle tracking with activity listeners
    */
   setupIdleTracking() {
-    const events = ["mousedown", "keydown", "scroll", "touchstart", "click"];
+    if (!this.config.trackIdleTime)
+      return;
     const handleActivity = () => {
       this.state.lastActivityTime = Date.now();
       this.state.isIdle = false;
       this.emit("activity");
-      if (this.idleTimer) {
-        clearTimeout(this.idleTimer);
-      }
-      this.idleTimer = setTimeout(() => {
-        var _a, _b;
-        this.state.isIdle = true;
-        this.emit("idle");
-        this.log("User idle timeout triggered");
-        (_b = (_a = this.config).onIdle) == null ? void 0 : _b.call(_a);
-      }, this.config.idleTimeoutMs);
     };
+    const events = ["mousedown", "keydown", "scroll", "touchstart", "click"];
     events.forEach((event) => {
-      window.addEventListener(event, handleActivity, { passive: true });
+      window.addEventListener(event, handleActivity, true);
     });
+    if (this.idleTimer) {
+      clearTimeout(this.idleTimer);
+    }
     this.idleTimer = setTimeout(() => {
       var _a, _b;
       this.state.isIdle = true;
@@ -232,7 +245,7 @@ var SessionManager = class {
     }, this.config.maxSessionDurationMs);
   }
   /**
-   * Refresh token
+   * Refresh token using stored refresh token
    */
   async refreshToken() {
     var _a, _b, _c, _d;
@@ -242,23 +255,49 @@ var SessionManager = class {
     }
     this.state.isRefreshing = true;
     this.state.refreshAttempts++;
-    const token = getStoredToken();
-    if (!token) {
+    const accessToken = getStoredToken();
+    const refreshToken = getStoredRefreshToken();
+    if (!accessToken && !refreshToken) {
       this.state.isRefreshing = false;
       return false;
     }
     try {
       this.log(`Refreshing token (attempt ${this.state.refreshAttempts})`);
       const client = this.config.httpClient || defaultFetchClient();
-      const refreshPayload = this.config.refreshPayloadFormatter ? this.config.refreshPayloadFormatter(token) : { token };
-      const refreshPromise = client.post(this.config.refreshEndpoint, refreshPayload, { headers: { Authorization: `Bearer ${token}` } });
+      const refreshPayload = this.config.refreshPayloadFormatter ? this.config.refreshPayloadFormatter(accessToken || "", refreshToken || "") : {
+        refresh: refreshToken || accessToken,
+        token: accessToken
+      };
+      const refreshPromise = client.post(
+        this.config.refreshEndpoint,
+        refreshPayload,
+        {
+          headers: {
+            Authorization: `Bearer ${accessToken || refreshToken}`
+          }
+        }
+      );
       this.requestDeduplication.set("refresh", refreshPromise);
       const response = await refreshPromise;
-      const newToken = response.data.token || response.data.access_token;
-      if (!newToken) {
-        throw new Error("No token in refresh response");
+      const responseData = response.data;
+      const newAccessToken = extractTokenFromResponse(
+        responseData,
+        this.config.refreshAccessTokenField || "access"
+      );
+      if (!newAccessToken) {
+        throw new Error("No access token in refresh response");
+      }
+      storeToken(newAccessToken);
+      if (this.config.storeRefreshToken) {
+        const newRefreshToken = extractTokenFromResponse(
+          responseData,
+          this.config.refreshRefreshTokenField || "refresh"
+        );
+        if (newRefreshToken) {
+          storeRefreshToken(newRefreshToken);
+          this.log("Refresh token updated");
+        }
       }
-      storeToken(newToken);
       this.state.isRefreshing = false;
       this.state.refreshAttempts = 0;
       this.requestDeduplication.delete("refresh");
@@ -280,41 +319,34 @@ var SessionManager = class {
     }
   }
   /**
-   * Logout and cleanup
+   * Manual logout
    */
   async logout() {
     var _a, _b;
+    this.log("Logging out");
     try {
       const token = getStoredToken();
-      if (token) {
+      if (token && this.config.logoutEndpoint) {
         const client = this.config.httpClient || defaultFetchClient();
         const logoutPayload = this.config.logoutPayloadFormatter ? this.config.logoutPayloadFormatter(token) : { token };
-        await client.post(this.config.logoutEndpoint, logoutPayload, { headers: { Authorization: `Bearer ${token}` } });
+        await client.post(this.config.logoutEndpoint, logoutPayload, {
+          headers: { Authorization: `Bearer ${token}` }
+        });
       }
     } catch (error) {
-      this.log("Logout API call failed:", error);
+      this.log("Logout request failed:", error);
     }
-    this.cleanup();
-    this.state.isActive = false;
-    this.emit("loggedOut");
-    (_b = (_a = this.config).onSessionExpired) == null ? void 0 : _b.call(_a);
     clearToken();
+    this.state.isActive = false;
+    this.emit("logout");
+    (_b = (_a = this.config).onLogout) == null ? void 0 : _b.call(_a);
+    this.cleanup();
   }
   /**
-   * Extend session (reset idle timer)
+   * Check if session is active
    */
-  extendSession() {
-    this.state.lastActivityTime = Date.now();
-    this.state.isIdle = false;
-    if (this.idleTimer) {
-      clearTimeout(this.idleTimer);
-    }
-    this.idleTimer = setTimeout(() => {
-      this.state.isIdle = true;
-      this.emit("idle");
-    }, this.config.idleTimeoutMs);
-    this.log("Session extended");
-    this.emit("sessionExtended");
+  isActive() {
+    return this.state.isActive;
   }
   /**
    * Get current state
@@ -323,13 +355,7 @@ var SessionManager = class {
     return { ...this.state };
   }
   /**
-   * Get current config
-   */
-  getConfig() {
-    return { ...this.config };
-  }
-  /**
-   * Update config
+   * Update config at runtime
    */
   updateConfig(newConfig) {
     this.config = { ...this.config, ...newConfig };
@@ -422,119 +448,97 @@ function resetSessionManager() {
 // hooks/useSessionTimeout.ts
 import { useEffect, useState, useCallback, useRef } from "react";
 function useSessionTimeout(options = {}) {
-  const {
-    config,
-    enabled = true,
-    onSessionExpiring,
-    onSessionExpired,
-    onIdle,
-    onRefreshSuccess
-  } = options;
-  const [sessionState, setSessionState] = useState({
+  const [state, setState] = useState({
     isActive: false,
     isIdle: false,
     lastActivityTime: Date.now(),
     refreshAttempts: 0,
     isRefreshing: false
   });
-  const [timeUntilIdle, setTimeUntilIdle] = useState(null);
-  const [idleWarningVisible, setIdleWarningVisible] = useState(false);
+  const [error, setError] = useState(null);
+  const [timeUntilTimeout, setTimeUntilTimeout] = useState(0);
+  const [timeUntilIdle, setTimeUntilIdle] = useState(0);
   const managerRef = useRef(null);
-  const unsubscribeRef = useRef(/* @__PURE__ */ new Map());
+  const updateTimerRef = useRef(null);
   useEffect(() => {
-    if (!enabled)
-      return;
-    const manager = getSessionManager({
-      ...config,
-      onSessionExpiring,
-      onSessionExpired,
-      onIdle,
-      onRefreshSuccess
-    });
+    const { loginResponse, autoInit, ...config } = options;
+    const manager = getSessionManager(config);
     managerRef.current = manager;
-    const subscriptions = /* @__PURE__ */ new Map();
-    subscriptions.set(
-      "initialized",
-      manager.on("initialized", () => {
-        setSessionState(manager.getState());
-      })
-    );
-    subscriptions.set(
-      "tokenRefreshed",
-      manager.on("tokenRefreshed", () => {
-        setSessionState(manager.getState());
-      })
-    );
-    subscriptions.set(
-      "idle",
-      manager.on("idle", () => {
-        setSessionState(manager.getState());
-      })
-    );
-    subscriptions.set(
-      "activity",
-      manager.on("activity", () => {
-        setSessionState(manager.getState());
-        setIdleWarningVisible(false);
-      })
-    );
-    subscriptions.set(
-      "idleWarning",
-      manager.on("idleWarning", (data) => {
-        setIdleWarningVisible(true);
-        setTimeUntilIdle(data.timeRemaining);
-      })
-    );
-    subscriptions.set(
-      "loggedOut",
-      manager.on("loggedOut", () => {
-        setSessionState(manager.getState());
-      })
-    );
-    unsubscribeRef.current = subscriptions;
-    manager.init();
+    const unsubscribeInitialized = manager.on("initialized", () => {
+      setState(manager.getState());
+    });
+    const unsubscribeTokenRefreshed = manager.on("tokenRefreshed", () => {
+      setState(manager.getState());
+    });
+    const unsubscribeRefreshFailed = manager.on("refreshFailed", (error2) => {
+      setError(error2);
+      setState(manager.getState());
+    });
+    const unsubscribeLogout = manager.on("logout", () => {
+      setState(manager.getState());
+    });
+    const unsubscribeIdle = manager.on("idle", () => {
+      setState(manager.getState());
+    });
+    const unsubscribeIdleWarning = manager.on("idleWarning", (data) => {
+      setTimeUntilIdle(data.timeRemaining);
+    });
+    const unsubscribeActivity = manager.on("activity", () => {
+      setTimeUntilIdle(0);
+    });
+    if (autoInit !== false && (autoInit === true || loginResponse)) {
+      manager.init(loginResponse);
+    }
     return () => {
-      subscriptions.forEach((unsub) => unsub());
-      unsubscribeRef.current.clear();
+      unsubscribeInitialized();
+      unsubscribeTokenRefreshed();
+      unsubscribeRefreshFailed();
+      unsubscribeLogout();
+      unsubscribeIdle();
+      unsubscribeIdleWarning();
+      unsubscribeActivity();
     };
-  }, [enabled, config, onSessionExpiring, onSessionExpired, onIdle, onRefreshSuccess]);
+  }, [options]);
   useEffect(() => {
-    if (!enabled || !sessionState.isActive)
+    var _a;
+    if (!((_a = managerRef.current) == null ? void 0 : _a.isActive())) {
       return;
-    const interval = setInterval(() => {
-      const manager = managerRef.current;
-      if (manager) {
-        setSessionState(manager.getState());
+    }
+    const updateCountdown = () => {
+      setState(managerRef.current.getState());
+    };
+    updateTimerRef.current = setInterval(updateCountdown, 1e3);
+    return () => {
+      if (updateTimerRef.current) {
+        clearInterval(updateTimerRef.current);
       }
-    }, 5e3);
-    return () => clearInterval(interval);
-  }, [enabled, sessionState.isActive]);
-  const extendSession = useCallback(() => {
-    var _a;
-    (_a = managerRef.current) == null ? void 0 : _a.extendSession();
+    };
   }, []);
   const refreshToken = useCallback(async () => {
-    var _a;
-    return (_a = managerRef.current) == null ? void 0 : _a.refreshToken();
+    if (managerRef.current) {
+      return managerRef.current.refreshToken();
+    }
+    return false;
   }, []);
   const logout = useCallback(async () => {
-    var _a;
-    return (_a = managerRef.current) == null ? void 0 : _a.logout();
+    if (managerRef.current) {
+      return managerRef.current.logout();
+    }
   }, []);
-  const updateConfig = useCallback((newConfig) => {
-    var _a;
-    (_a = managerRef.current) == null ? void 0 : _a.updateConfig(newConfig);
+  const dismissIdleWarning = useCallback(() => {
+    setTimeUntilIdle(0);
   }, []);
   return {
-    sessionState,
-    timeUntilExpiry: null,
+    isActive: state.isActive,
+    isIdle: state.isIdle,
+    isRefreshing: state.isRefreshing,
+    refreshAttempts: state.refreshAttempts,
+    timeUntilTimeout,
     timeUntilIdle,
-    idleWarningVisible,
-    extendSession,
+    error,
     refreshToken,
     logout,
-    updateConfig,
-    manager: managerRef.current
+    dismissIdleWarning
   };
 }
 
@@ -585,11 +589,13 @@ export {
   SessionStatus,
   clearToken,
   getSessionManager,
+  getStoredRefreshToken,
   getStoredToken,
   getTimeUntilExpiry,
   getTokenInfo,
   isTokenExpired,
   resetSessionManager,
+  storeRefreshToken,
   storeToken,
   useSessionTimeout,
   validateToken

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "formreader-session-timeout",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "description": "Session timeout microfrontend: configurable JWT expiry decoding and refresh with idle tracking",
   "main": "dist/index.js",
   "module": "dist/index.mjs",