jcicl 1.0.79 → 1.1.2

package/AuthContext/AuthProvider.d.ts

@@ -0,0 +1,63 @@
+import { PropsWithChildren } from 'react';
+import { IPublicClientApplication, AccountInfo } from '@azure/msal-browser';
+export interface AuthContextValue {
+    /** The currently authenticated account, or null if not logged in */
+    account: AccountInfo | null;
+    /** Whether a user is currently authenticated */
+    isAuthenticated: boolean;
+    /**
+     * True while any auth interaction is in progress (startup, redirect, token
+     * acquisition). Use this to block UI until auth state is settled.
+     */
+    isLoading: boolean;
+    /** App roles assigned to the current user, sourced from the ID token claims. Empty array if not authenticated. */
+    roles: string[];
+    /** Returns true if the current user has the specified app role. */
+    hasRole: (role: string) => boolean;
+    /** Initiates Microsoft login via redirect */
+    login: () => void;
+    /** Logs out the current user via redirect */
+    logout: () => void;
+    /**
+     * Silently acquires an access token. Falls back to redirect if interaction
+     * is required (e.g. token expired, consent needed).
+     * This is the standard MSAL "silent first, interactive as fallback" pattern.
+     * @param scopes - Override scopes. Defaults to the configured apiScope.
+     */
+    acquireToken: (scopes?: string[]) => Promise<string>;
+}
+/** Exported so tests and Storybook can mock the auth context directly. */
+export declare const AuthContext: import('react').Context<AuthContextValue | null>;
+export interface AuthProviderProps {
+    /** PublicClientApplication created by createMsalInstance() */
+    msalInstance: IPublicClientApplication;
+    /**
+     * The API scope URI used for token acquisition and login consent.
+     * Example: "api://<clientId>/access_as_user"
+     */
+    apiScope: string;
+}
+/**
+ * Wrap your application root with AuthProvider to enable Microsoft Identity
+ * Platform authentication for all child components.
+ *
+ * ```tsx
+ * import { AuthProvider, createMsalInstance } from 'jcicl/AuthContext';
+ *
+ * const msalInstance = createMsalInstance({
+ *   clientId: import.meta.env.VITE_AZURE_CLIENT_ID,
+ *   tenantId: import.meta.env.VITE_AZURE_TENANT_ID,
+ *   apiScope: import.meta.env.VITE_API_SCOPE,
+ * });
+ *
+ * <AuthProvider msalInstance={msalInstance} apiScope={import.meta.env.VITE_API_SCOPE}>
+ *   <App />
+ * </AuthProvider>
+ * ```
+ */
+export declare function AuthProvider({ msalInstance, apiScope, children }: PropsWithChildren<AuthProviderProps>): import("react/jsx-runtime").JSX.Element;
+/**
+ * Hook to access the current auth state and actions.
+ * Must be rendered inside AuthProvider.
+ */
+export declare function useAuthContext(): AuthContextValue;

package/AuthContext/AuthProvider.js

@@ -0,0 +1,227 @@
+import { jsx as m } from "react/jsx-runtime";
+import * as I from "react";
+import _, { useEffect as T, useMemo as L, useReducer as w, useContext as b, createContext as O } from "react";
+import { c, s, E as l, I as P, a as i, L as j, W as U, b as q } from "../.chunks/EventType.js";
+/*! @azure/msal-browser v5.10.0 2026-05-07 */
+const x = {
+  initialize: () => Promise.reject(c(s)),
+  acquireTokenPopup: () => Promise.reject(c(s)),
+  acquireTokenRedirect: () => Promise.reject(c(s)),
+  acquireTokenSilent: () => Promise.reject(c(s)),
+  acquireTokenByCode: () => Promise.reject(c(s)),
+  getAllAccounts: () => [],
+  getAccount: () => null,
+  handleRedirectPromise: () => Promise.reject(c(s)),
+  loginPopup: () => Promise.reject(c(s)),
+  loginRedirect: () => Promise.reject(c(s)),
+  logoutRedirect: () => Promise.reject(c(s)),
+  logoutPopup: () => Promise.reject(c(s)),
+  ssoSilent: () => Promise.reject(c(s)),
+  addEventCallback: () => null,
+  removeEventCallback: () => {
+  },
+  addPerformanceCallback: () => "",
+  removePerformanceCallback: () => !1,
+  getLogger: () => {
+    throw c(s);
+  },
+  setLogger: () => {
+  },
+  setActiveAccount: () => {
+  },
+  getActiveAccount: () => null,
+  initializeWrapperLibrary: () => {
+  },
+  setNavigationClient: () => {
+  },
+  getConfiguration: () => {
+    throw c(s);
+  },
+  hydrateCache: () => Promise.reject(c(s)),
+  clearCache: () => Promise.reject(c(s))
+};
+/*! @azure/msal-browser v5.10.0 2026-05-07 */
+class M {
+  /**
+   * Gets interaction status from event message
+   * @param message
+   * @param currentStatus
+   */
+  static getInteractionStatusFromEvent(n, r) {
+    switch (n.eventType) {
+      case l.ACQUIRE_TOKEN_START:
+        if (n.interactionType === P.Redirect || n.interactionType === P.Popup)
+          return i.AcquireToken;
+        break;
+      case l.HANDLE_REDIRECT_START:
+        return i.HandleRedirect;
+      case l.LOGOUT_START:
+        return i.Logout;
+      case l.LOGOUT_END:
+        if (r && r !== i.Logout)
+          break;
+        return i.None;
+      case l.HANDLE_REDIRECT_END:
+        if (r && r !== i.HandleRedirect)
+          break;
+        return i.None;
+      case l.ACQUIRE_TOKEN_SUCCESS:
+      case l.ACQUIRE_TOKEN_FAILURE:
+      case l.RESTORE_FROM_BFCACHE:
+        if (n.interactionType === P.Redirect || n.interactionType === P.Popup) {
+          if (r && r !== i.AcquireToken)
+            break;
+          return i.None;
+        }
+        break;
+    }
+    return null;
+  }
+}
+/*! @azure/msal-react v5.4.0 2026-05-07 */
+const S = {
+  instance: x,
+  inProgress: i.None,
+  accounts: [],
+  logger: new j({})
+}, h = I.createContext(S);
+h.Consumer;
+/*! @azure/msal-react v5.4.0 2026-05-07 */
+function v(e, n) {
+  if (e.length !== n.length)
+    return !1;
+  const r = [...n];
+  return e.every((t) => {
+    const o = r.shift();
+    return !t || !o ? !1 : t.homeAccountId === o.homeAccountId && t.localAccountId === o.localAccountId && t.username === o.username;
+  });
+}
+/*! @azure/msal-react v5.4.0 2026-05-07 */
+const K = "@azure/msal-react", k = "5.4.0";
+/*! @azure/msal-react v5.4.0 2026-05-07 */
+const A = {
+  UNBLOCK_INPROGRESS: "UNBLOCK_INPROGRESS",
+  EVENT: "EVENT"
+}, B = (e, n) => {
+  const { type: r, payload: t } = n;
+  let o = e.inProgress;
+  switch (r) {
+    case A.UNBLOCK_INPROGRESS:
+      e.inProgress === i.Startup && (o = i.None, t.logger.info("MsalProvider - handleRedirectPromise resolved, setting inProgress to 'none'", ""));
+      break;
+    case A.EVENT:
+      const u = t.message, d = M.getInteractionStatusFromEvent(u, e.inProgress);
+      d && (t.logger.info(`MsalProvider - '${u.eventType}' results in setting inProgress from '${e.inProgress}' to '${d}'`, ""), o = d);
+      break;
+    default:
+      throw new Error(`Unknown action type: ${r}`);
+  }
+  if (o === i.Startup)
+    return e;
+  const a = t.instance.getAllAccounts();
+  return o !== e.inProgress && !v(a, e.accounts) ? {
+    ...e,
+    inProgress: o,
+    accounts: a
+  } : o !== e.inProgress ? {
+    ...e,
+    inProgress: o
+  } : v(a, e.accounts) ? e : {
+    ...e,
+    accounts: a
+  };
+};
+function D({ instance: e, children: n }) {
+  T(() => {
+    e.initializeWrapperLibrary(U.React, k);
+  }, [e]);
+  const r = L(() => e.getLogger().clone(K, k), [e]), [t, o] = w(B, void 0, () => ({
+    inProgress: i.Startup,
+    accounts: []
+  }));
+  T(() => {
+    const u = e.addEventCallback((d) => {
+      o({
+        payload: {
+          instance: e,
+          logger: r,
+          message: d
+        },
+        type: A.EVENT
+      });
+    });
+    return r.verbose(`MsalProvider - Registered event callback with id: '${u}'`, ""), e.initialize().then(() => {
+      e.handleRedirectPromise().catch(() => {
+      }).finally(() => {
+        o({
+          payload: {
+            instance: e,
+            logger: r
+          },
+          type: A.UNBLOCK_INPROGRESS
+        });
+      });
+    }).catch(() => {
+    }), () => {
+      u && (r.verbose(`MsalProvider - Removing event callback '${u}'`, ""), e.removeEventCallback(u));
+    };
+  }, [e, r]);
+  const a = {
+    instance: e,
+    inProgress: t.inProgress,
+    accounts: t.accounts,
+    logger: r
+  };
+  return _.createElement(h.Provider, { value: a }, n);
+}
+/*! @azure/msal-react v5.4.0 2026-05-07 */
+const G = () => b(h), N = O(null);
+function $({ children: e, apiScope: n }) {
+  const { instance: r, accounts: t, inProgress: o } = G();
+  T(() => {
+    t.length > 0 && !r.getActiveAccount() && r.setActiveAccount(t[0]);
+  }, [t, r]);
+  const a = r.getActiveAccount() ?? t[0] ?? null, u = !!a, d = o !== i.None, g = a == null ? void 0 : a.idTokenClaims, C = Array.isArray(g == null ? void 0 : g.roles) ? g.roles : [], y = {
+    account: a,
+    isAuthenticated: u,
+    isLoading: d,
+    roles: C,
+    hasRole: (E) => C.includes(E),
+    login: () => {
+      r.loginRedirect({ scopes: [n] });
+    },
+    logout: () => {
+      r.logoutRedirect({ account: a ?? void 0 });
+    },
+    acquireToken: async (E) => {
+      const f = r.getActiveAccount() ?? t[0];
+      if (!f)
+        throw new Error("[Auth] No active account. The user must sign in first.");
+      const p = E ?? [n];
+      try {
+        return (await r.acquireTokenSilent({
+          scopes: p,
+          account: f
+        })).accessToken;
+      } catch (R) {
+        if (R instanceof q)
+          return r.acquireTokenRedirect({ scopes: p, account: f }), "";
+        throw R;
+      }
+    }
+  };
+  return /* @__PURE__ */ m(N.Provider, { value: y, children: e });
+}
+function X({ msalInstance: e, apiScope: n, children: r }) {
+  return /* @__PURE__ */ m(D, { instance: e, children: /* @__PURE__ */ m($, { apiScope: n, children: r }) });
+}
+function Y() {
+  const e = b(N);
+  if (!e) throw new Error("useAuthContext must be used inside <AuthProvider>");
+  return e;
+}
+export {
+  N as AuthContext,
+  X as AuthProvider,
+  Y as useAuthContext
+};

package/AuthContext/index.d.ts

@@ -0,0 +1,4 @@
+export { AuthProvider, useAuthContext, AuthContext } from './AuthProvider';
+export type { AuthProviderProps, AuthContextValue } from './AuthProvider';
+export { createMsalInstance } from './msalConfig';
+export type { AuthConfig } from './msalConfig';

package/AuthContext/index.js

@@ -0,0 +1,8 @@
+import { AuthContext as o, AuthProvider as r, useAuthContext as n } from "./AuthProvider.js";
+import { createMsalInstance as x } from "./msalConfig.js";
+export {
+  o as AuthContext,
+  r as AuthProvider,
+  x as createMsalInstance,
+  n as useAuthContext
+};

package/AuthContext/msalConfig.d.ts

@@ -0,0 +1,56 @@
+import { PublicClientApplication } from '@azure/msal-browser';
+/**
+ * Configuration for a single Azure AD app registration that covers both the
+ * React SPA and the .NET API backend.
+ *
+ * Setup in the Azure portal:
+ *  1. Use the existing API app registration (the one your .NET backend already validates against).
+ *  2. Under "Authentication", add a Single-page application platform with your SPA redirect URI.
+ *  3. Under "Expose an API", ensure a scope exists (e.g. "access_as_user").
+ *  4. Under "App roles", define any roles you want to gate UI or API access with.
+ *
+ * The same clientId is used by both the SPA (to log in and acquire tokens) and
+ * the .NET backend (as the expected token audience). App roles defined here
+ * appear in both the ID token (readable by the SPA via idTokenClaims) and the
+ * access token (validated by the API).
+ */
+export interface AuthConfig {
+    /**
+     * The application (client) ID of the single app registration.
+     * This is the same ID your .NET backend uses as its audience.
+     */
+    clientId: string;
+    /** Azure AD directory (tenant) ID */
+    tenantId: string;
+    /**
+     * A scope exposed by this app registration.
+     * Must be in the form "api://<clientId>/<scopeName>".
+     * Requesting this scope causes Azure AD to issue an access token
+     * whose audience matches what your .NET backend expects.
+     */
+    apiScope: string;
+    /**
+     * Redirect URI after login/logout.
+     * Defaults to window.location.origin.
+     */
+    redirectUri?: string;
+}
+/**
+ * Creates a configured PublicClientApplication instance for use with AuthProvider.
+ *
+ * Tokens are stored in sessionStorage (not localStorage) to prevent cross-tab
+ * token sharing and reduce XSS exposure surface.
+ *
+ * ```typescript
+ * import { createMsalInstance } from 'jcicl/AuthContext';
+ *
+ * // All three values come from the same app registration in the Azure portal.
+ * // VITE_API_SCOPE is the scope exposed by that registration, e.g. "api://social-services/access_as_user".
+ * const msalInstance = createMsalInstance({
+ *   clientId: import.meta.env.VITE_AZURE_CLIENT_ID,
+ *   tenantId: import.meta.env.VITE_AZURE_TENANT_ID,
+ *   apiScope: import.meta.env.VITE_API_SCOPE,
+ * });
+ * ```
+ */
+export declare function createMsalInstance(config: AuthConfig): PublicClientApplication;