oidc-spa 8.2.1 → 8.2.3

package/src/core/persistedAuthState.ts

@@ -30,6 +30,7 @@ export function persistAuthState(params: {
               stateDescription: "logged in";
               idleSessionLifetimeInSeconds: number | undefined;
               refreshTokenExpirationTime: number | undefined;
+              serverDateNow: number;
           }
         | {
               stateDescription: "explicitly logged out";
@@ -56,14 +57,35 @@ export function persistAuthState(params: {
                                 __brand: "PersistedAuthState-v1",
                                 stateDescription: "logged in",
                                 untilTime: (() => {
-                                    const { idleSessionLifetimeInSeconds, refreshTokenExpirationTime } =
-                                        state;
+                                    const {
+                                        idleSessionLifetimeInSeconds,
+                                        refreshTokenExpirationTime,
+                                        serverDateNow
+                                    } = state;
+
+                                    const untilTime_real = (() => {
+                                        if (refreshTokenExpirationTime === undefined) {
+                                            return undefined;
+                                        }
+
+                                        const msBeforeExpirationOfTheSession =
+                                            refreshTokenExpirationTime - serverDateNow;
+
+                                        return Date.now() + msBeforeExpirationOfTheSession;
+                                    })();
+
+                                    const unitTime_userOverwrite = (() => {
+                                        if (idleSessionLifetimeInSeconds === undefined) {
+                                            return undefined;
+                                        }
 
-                                    if (idleSessionLifetimeInSeconds !== undefined) {
                                         return Date.now() + idleSessionLifetimeInSeconds * 1000;
-                                    }
+                                    })();
 
-                                    return refreshTokenExpirationTime;
+                                    return Math.min(
+                                        untilTime_real ?? Number.POSITIVE_INFINITY,
+                                        unitTime_userOverwrite ?? Number.POSITIVE_INFINITY
+                                    );
                                 })()
                             });
                         case "explicitly logged out":

package/src/keycloak/keycloak-js/Keycloak.ts

@@ -23,7 +23,48 @@ import { type StatefulEvt, createStatefulEvt } from "../../tools/StatefulEvt";
 import { readExpirationTimeInJwt } from "../../tools/readExpirationTimeInJwt";
 
 type ConstructorParams = KeycloakServerConfig & {
+    /**
+     * NOTE: This parameter is optional if you use the Vite plugin.
+     *
+     * This parameter let's you overwrite the value provided in
+     * oidcEarlyInit({ BASE_URL: xxx });
+     *
+     * What should you put in this parameter?
+     *   - Vite project:             `BASE_URL: import.meta.env.BASE_URL`
+     *   - Create React App project: `BASE_URL: process.env.PUBLIC_URL`
+     *   - Other:                    `BASE_URL: "/"` (Usually, or `/dashboard` if your app is not at the root of the domain)
+     */
     BASE_URL?: string;
+
+    /**
+     * Determines how session restoration is handled.
+     * Session restoration allows users to stay logged in between visits
+     * without needing to explicitly sign in each time.
+     *
+     * Options:
+     *
+     * - **"auto" (default)**:
+     *   Automatically selects the best method.
+     *   If the app’s domain shares a common parent domain with the authorization endpoint,
+     *   an iframe is used for silent session restoration.
+     *   Otherwise, a full-page redirect is used.
+     *
+     * - **"full page redirect"**:
+     *   Forces full-page reloads for session restoration.
+     *   Use this if your application is served with a restrictive CSP
+     *   (e.g., `Content-Security-Policy: frame-ancestors "none"`)
+     *   or `X-Frame-Options: DENY`, and you cannot modify those headers.
+     *   This mode provides a slightly less seamless UX and will lead oidc-spa to
+     *   store tokens in `localStorage` if multiple OIDC clients are used
+     *   (e.g., your app communicates with several APIs).
+     *
+     * - **"iframe"**:
+     *   Forces iframe-based session restoration.
+     *   In development, if you go in your browser setting and allow your auth server’s domain
+     *   to set third-party cookies this value will let you test your app
+     *   with the local dev server as it will behave in production.
+     */
+    sessionRestorationMethod?: "iframe" | "full page redirect" | "auto";
 };
 
 /**
@@ -99,7 +140,8 @@ export class Keycloak {
         let hasCreateResolved = false;
 
         const oidcOrError = await createOidc({
-            homeUrl: constructorParams.BASE_URL,
+            BASE_URL: constructorParams.BASE_URL,
+            sessionRestorationMethod: constructorParams.sessionRestorationMethod,
             issuerUri,
             clientId: this.#state.constructorParams.clientId,
             autoLogin,

package/src/react/react.tsx

@@ -15,6 +15,7 @@ import { id } from "../tools/tsafe/id";
 import type { ValueOrAsyncGetter } from "../tools/ValueOrAsyncGetter";
 import { Deferred } from "../tools/Deferred";
 import { toFullyQualifiedUrl } from "../tools/toFullyQualifiedUrl";
+import { setDesiredPostLoginRedirectUrl } from "../core/desiredPostLoginRedirectUrl";
 
 export type OidcReact<DecodedIdToken extends Record<string, unknown>> =
     | OidcReact.NotLoggedIn
@@ -409,20 +410,48 @@ export function createReactOidc_dependencyInjection<
 
         const oidc = await getOidc();
 
+        const isUrlAlreadyReplaced =
+            window.location.href.replace(/\/$/, "") === redirectUrl.replace(/\/$/, "");
+
         if (!oidc.isUserLoggedIn) {
             if (cause === "preload") {
                 throw new Error(
                     "oidc-spa: User is not yet logged in. This is an expected error, nothing to be addressed."
                 );
             }
-            const doesCurrentHrefRequiresAuth =
-                location.href.replace(/\/$/, "") === redirectUrl.replace(/\/$/, "");
 
             await oidc.login({
                 redirectUrl,
-                doesCurrentHrefRequiresAuth
+                doesCurrentHrefRequiresAuth: isUrlAlreadyReplaced
             });
         }
+
+        define_temporary_postLoginRedirectUrl: {
+            if (isUrlAlreadyReplaced) {
+                break define_temporary_postLoginRedirectUrl;
+            }
+
+            setDesiredPostLoginRedirectUrl({ postLoginRedirectUrl: redirectUrl });
+
+            const history_pushState = history.pushState;
+            const history_replaceState = history.replaceState;
+
+            const onNavigated = () => {
+                history.pushState = history_pushState;
+                history.replaceState = history_replaceState;
+                setDesiredPostLoginRedirectUrl({ postLoginRedirectUrl: undefined });
+            };
+
+            history.pushState = function pushState(...args) {
+                onNavigated();
+                return history_pushState.call(history, ...args);
+            };
+
+            history.replaceState = function replaceState(...args) {
+                onNavigated();
+                return history_replaceState.call(history, ...args);
+            };
+        }
     }
 
     async function getOidc(): Promise<Oidc<DecodedIdToken>> {

package/src/react-spa/createOidcSpaApi.tsx

@@ -10,6 +10,7 @@ import { createObjectThatThrowsIfAccessed } from "../tools/createObjectThatThrow
 import { createStatefulEvt } from "../tools/StatefulEvt";
 import { id } from "../tools/tsafe/id";
 import { toFullyQualifiedUrl } from "../tools/toFullyQualifiedUrl";
+import { setDesiredPostLoginRedirectUrl } from "../core/desiredPostLoginRedirectUrl";
 
 export function createOidcSpaApi<
     AutoLogin extends boolean,
@@ -390,7 +391,7 @@ export function createOidcSpaApi<
                                 transformUrlBeforeRedirect: paramsOfBootstrap.transformUrlBeforeRedirect,
                                 extraQueryParams: paramsOfBootstrap.extraQueryParams,
                                 extraTokenParams: paramsOfBootstrap.extraTokenParams,
-                                noIframe: paramsOfBootstrap.noIframe,
+                                sessionRestorationMethod: paramsOfBootstrap.sessionRestorationMethod,
                                 debugLogs: paramsOfBootstrap.debugLogs,
                                 __unsafe_clientSecret: paramsOfBootstrap.__unsafe_clientSecret,
                                 __metadata: paramsOfBootstrap.__metadata,
@@ -440,25 +441,53 @@ export function createOidcSpaApi<
                 });
             }
 
-            return location.href;
+            return window.location.href;
         })();
 
         const oidc = await getOidc();
 
+        const isUrlAlreadyReplaced =
+            window.location.href.replace(/\/$/, "") === redirectUrl.replace(/\/$/, "");
+
         if (!oidc.isUserLoggedIn) {
             if (cause === "preload") {
                 throw new Error(
                     "oidc-spa: User is not yet logged in. This is an expected error, nothing to be addressed."
                 );
             }
-            const doesCurrentHrefRequiresAuth =
-                location.href.replace(/\/$/, "") === redirectUrl.replace(/\/$/, "");
 
             await oidc.login({
                 redirectUrl,
-                doesCurrentHrefRequiresAuth
+                doesCurrentHrefRequiresAuth: isUrlAlreadyReplaced
             });
         }
+
+        define_temporary_postLoginRedirectUrl: {
+            if (isUrlAlreadyReplaced) {
+                break define_temporary_postLoginRedirectUrl;
+            }
+
+            setDesiredPostLoginRedirectUrl({ postLoginRedirectUrl: redirectUrl });
+
+            const history_pushState = history.pushState;
+            const history_replaceState = history.replaceState;
+
+            const onNavigated = () => {
+                history.pushState = history_pushState;
+                history.replaceState = history_replaceState;
+                setDesiredPostLoginRedirectUrl({ postLoginRedirectUrl: undefined });
+            };
+
+            history.pushState = function pushState(...args) {
+                onNavigated();
+                return history_pushState.call(history, ...args);
+            };
+
+            history.replaceState = function replaceState(...args) {
+                onNavigated();
+                return history_replaceState.call(history, ...args);
+            };
+        }
     }
 
     function OidcInitializationErrorGate(props: {

package/src/react-spa/types.tsx

@@ -213,11 +213,34 @@ export namespace ParamsOfBootstrap {
             | (() => Record<string, string | undefined>);
 
         /**
-         * Default: false
+         * Determines how session restoration is handled.
+         * Session restoration allows users to stay logged in between visits
+         * without needing to explicitly sign in each time.
          *
-         * See: https://docs.oidc-spa.dev/v/v8/resources/iframe-related-issues
+         * Options:
+         *
+         * - **"auto" (default)**:
+         *   Automatically selects the best method.
+         *   If the app’s domain shares a common parent domain with the authorization endpoint,
+         *   an iframe is used for silent session restoration.
+         *   Otherwise, a full-page redirect is used.
+         *
+         * - **"full page redirect"**:
+         *   Forces full-page reloads for session restoration.
+         *   Use this if your application is served with a restrictive CSP
+         *   (e.g., `Content-Security-Policy: frame-ancestors "none"`)
+         *   or `X-Frame-Options: DENY`, and you cannot modify those headers.
+         *   This mode provides a slightly less seamless UX and will lead oidc-spa to
+         *   store tokens in `localStorage` if multiple OIDC clients are used
+         *   (e.g., your app communicates with several APIs).
+         *
+         * - **"iframe"**:
+         *   Forces iframe-based session restoration.
+         *   In development, if you go in your browser setting and allow your auth server’s domain
+         *   to set third-party cookies this value will let you test your app
+         *   with the local dev server as it will behave in production.
          */
-        noIframe?: boolean;
+        sessionRestorationMethod?: "iframe" | "full page redirect" | "auto";
 
         debugLogs?: boolean;
 

package/src/tanstack-start/react/createOidcSpaApi.tsx

@@ -30,6 +30,7 @@ import { createServerFn, createMiddleware } from "@tanstack/react-start";
 import { getRequest, setResponseHeader, setResponseStatus } from "@tanstack/react-start/server";
 import { toFullyQualifiedUrl } from "../../tools/toFullyQualifiedUrl";
 import { UnifiedClientRetryForSsrLoadersError } from "./rfcUnifiedClientRetryForSsrLoaders/UnifiedClientRetryForSsrLoadersError";
+import { setDesiredPostLoginRedirectUrl } from "../../core/desiredPostLoginRedirectUrl";
 
 export function createOidcSpaApi<
     AutoLogin extends boolean,
@@ -662,7 +663,7 @@ export function createOidcSpaApi<
                                 transformUrlBeforeRedirect: paramsOfBootstrap.transformUrlBeforeRedirect,
                                 extraQueryParams: paramsOfBootstrap.extraQueryParams,
                                 extraTokenParams: paramsOfBootstrap.extraTokenParams,
-                                noIframe: paramsOfBootstrap.noIframe,
+                                sessionRestorationMethod: paramsOfBootstrap.sessionRestorationMethod,
                                 debugLogs: paramsOfBootstrap.debugLogs,
                                 __unsafe_clientSecret: paramsOfBootstrap.__unsafe_clientSecret,
                                 __metadata: paramsOfBootstrap.__metadata,
@@ -714,6 +715,9 @@ export function createOidcSpaApi<
 
         const oidc = await getOidc();
 
+        const isUrlAlreadyReplaced =
+            window.location.href.replace(/\/$/, "") === redirectUrl.replace(/\/$/, "");
+
         if (!oidc.isUserLoggedIn) {
             if (cause === "preload") {
                 throw new Error(
@@ -724,14 +728,39 @@ export function createOidcSpaApi<
                     ].join(" ")
                 );
             }
-            const doesCurrentHrefRequiresAuth =
-                location.href.replace(/\/$/, "") === redirectUrl.replace(/\/$/, "");
 
             await oidc.login({
                 redirectUrl,
-                doesCurrentHrefRequiresAuth
+                doesCurrentHrefRequiresAuth: isUrlAlreadyReplaced
             });
         }
+
+        define_temporary_postLoginRedirectUrl: {
+            if (isUrlAlreadyReplaced) {
+                break define_temporary_postLoginRedirectUrl;
+            }
+
+            setDesiredPostLoginRedirectUrl({ postLoginRedirectUrl: redirectUrl });
+
+            const history_pushState = history.pushState;
+            const history_replaceState = history.replaceState;
+
+            const onNavigated = () => {
+                history.pushState = history_pushState;
+                history.replaceState = history_replaceState;
+                setDesiredPostLoginRedirectUrl({ postLoginRedirectUrl: undefined });
+            };
+
+            history.pushState = function pushState(...args) {
+                onNavigated();
+                return history_pushState.call(history, ...args);
+            };
+
+            history.replaceState = function replaceState(...args) {
+                onNavigated();
+                return history_replaceState.call(history, ...args);
+            };
+        }
     }
 
     enforceLogin.__isOidcSpaEnforceLogin = true;

package/src/tanstack-start/react/types.tsx

@@ -306,11 +306,34 @@ export namespace ParamsOfBootstrap {
             | (() => Record<string, string | undefined>);
 
         /**
-         * Default: false
+         * Determines how session restoration is handled.
+         * Session restoration allows users to stay logged in between visits
+         * without needing to explicitly sign in each time.
          *
-         * See: https://docs.oidc-spa.dev/v/v8/resources/iframe-related-issues
+         * Options:
+         *
+         * - **"auto" (default)**:
+         *   Automatically selects the best method.
+         *   If the app’s domain shares a common parent domain with the authorization endpoint,
+         *   an iframe is used for silent session restoration.
+         *   Otherwise, a full-page redirect is used.
+         *
+         * - **"full page redirect"**:
+         *   Forces full-page reloads for session restoration.
+         *   Use this if your application is served with a restrictive CSP
+         *   (e.g., `Content-Security-Policy: frame-ancestors "none"`)
+         *   or `X-Frame-Options: DENY`, and you cannot modify those headers.
+         *   This mode provides a slightly less seamless UX and will lead oidc-spa to
+         *   store tokens in `localStorage` if multiple OIDC clients are used
+         *   (e.g., your app communicates with several APIs).
+         *
+         * - **"iframe"**:
+         *   Forces iframe-based session restoration.
+         *   In development, if you go in your browser setting and allow your auth server’s domain
+         *   to set third-party cookies this value will let you test your app
+         *   with the local dev server as it will behave in production.
          */
-        noIframe?: boolean;
+        sessionRestorationMethod?: "iframe" | "full page redirect" | "auto";
 
         debugLogs?: boolean;
 

package/src/tools/lazySessionStorage.ts

@@ -0,0 +1,123 @@
+import { assert } from "../tools/tsafe/assert";
+
+export type LazySessionStorage = {
+    // `Storage` methods, we don't use the type directly because it has [name: string]: any;
+    readonly length: number;
+    clear(): void;
+    getItem(key: string): string | null;
+    key(index: number): string | null;
+    removeItem(key: string): void;
+    setItem(key: string, value: string): void;
+
+    // Custom method
+    persistCurrentStateAndSubsequentChanges: () => void;
+};
+
+export function createLazySessionStorage(params: { storageId: string }): LazySessionStorage {
+    const { storageId } = params;
+
+    const sessionStoragePrefix = `lazy-session-storage:${storageId}:`;
+
+    const getSessionStorageKey = (key: string) => `${sessionStoragePrefix}${key}`;
+
+    const entries: { key: string; value: string }[] = [];
+
+    for (let i = 0; i < sessionStorage.length; i++) {
+        const key = sessionStorage.key(i);
+        assert(key !== null, "470498");
+
+        if (!key.startsWith(sessionStoragePrefix)) {
+            continue;
+        }
+
+        const value = sessionStorage.getItem(key);
+
+        assert(value !== null, "846771");
+
+        sessionStorage.removeItem(key);
+
+        entries.push({
+            key: key.slice(sessionStoragePrefix.length),
+            value
+        });
+    }
+
+    let isPersistenceEnabled = false;
+
+    const storage: LazySessionStorage = {
+        persistCurrentStateAndSubsequentChanges: () => {
+            isPersistenceEnabled = true;
+
+            for (let i = 0; i < storage.length; i++) {
+                const key = storage.key(i);
+                assert(key !== null, "803385");
+
+                const value = storage.getItem(key);
+
+                assert(value !== null, "777098");
+
+                storage.setItem(key, value);
+            }
+        },
+        get length() {
+            return entries.length;
+        },
+        key: index => {
+            const entry = entries[index];
+
+            if (entry === undefined) {
+                return null;
+            }
+
+            return entry.key;
+        },
+        removeItem: key => {
+            const entry = entries.find(entry => entry.key === key);
+
+            if (entry === undefined) {
+                return;
+            }
+
+            sessionStorage.removeItem(getSessionStorageKey(entry.key));
+
+            const index = entries.indexOf(entry);
+
+            entries.splice(index, 1);
+        },
+        clear: () => {
+            for (let i = 0; i < storage.length; i++) {
+                const key = storage.key(i);
+                assert(key !== null, "290875");
+                storage.removeItem(key);
+            }
+        },
+        getItem: key => {
+            const entry = entries.find(entry => entry.key === key);
+            if (entry === undefined) {
+                return null;
+            }
+            return entry.value;
+        },
+        setItem: (key, value) => {
+            if (isPersistenceEnabled) {
+                sessionStorage.setItem(getSessionStorageKey(key), value);
+            }
+
+            update: {
+                const entry = entries.find(entry => entry.key === key);
+
+                if (entry === undefined) {
+                    break update;
+                }
+
+                entry.value = value;
+
+                return;
+            }
+
+            entries.push({ key, value });
+        }
+    };
+
+    return storage;
+}

package/src/vite-plugin/manageOptimizedDeps.ts

@@ -34,7 +34,8 @@ export function manageOptimizedDeps(params: {
                 const moduleNames_include = [
                     "oidc-spa/react-spa",
                     "oidc-spa/entrypoint",
-                    "oidc-spa/keycloak"
+                    "oidc-spa/keycloak",
+                    "oidc-spa/core"
                 ];
 
                 for (const moduleName of moduleNames_include) {
@@ -55,6 +56,8 @@ export function manageOptimizedDeps(params: {
                     moduleNames_include.push("zod");
                 }
 
+                moduleNames_include.push("oidc-spa");
+
                 ((userConfig.optimizeDeps ??= {}).include ??= []).push(...moduleNames_include);
             }
             break;

package/tools/{EphemeralSessionStorage.d.ts → lazySessionStorage.d.ts}

@@ -1,4 +1,4 @@
-export type EphemeralSessionStorage = {
+export type LazySessionStorage = {
     readonly length: number;
     clear(): void;
     getItem(key: string): string | null;
@@ -7,6 +7,6 @@ export type EphemeralSessionStorage = {
     setItem(key: string, value: string): void;
     persistCurrentStateAndSubsequentChanges: () => void;
 };
-export declare function createEphemeralSessionStorage(params: {
-    sessionStorageTtlMs: number;
-}): EphemeralSessionStorage;
+export declare function createLazySessionStorage(params: {
+    storageId: string;
+}): LazySessionStorage;

package/tools/lazySessionStorage.js

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createLazySessionStorage = createLazySessionStorage;
+const assert_1 = require("../tools/tsafe/assert");
+function createLazySessionStorage(params) {
+    const { storageId } = params;
+    const sessionStoragePrefix = `lazy-session-storage:${storageId}:`;
+    const getSessionStorageKey = (key) => `${sessionStoragePrefix}${key}`;
+    const entries = [];
+    for (let i = 0; i < sessionStorage.length; i++) {
+        const key = sessionStorage.key(i);
+        (0, assert_1.assert)(key !== null, "470498");
+        if (!key.startsWith(sessionStoragePrefix)) {
+            continue;
+        }
+        const value = sessionStorage.getItem(key);
+        (0, assert_1.assert)(value !== null, "846771");
+        sessionStorage.removeItem(key);
+        entries.push({
+            key: key.slice(sessionStoragePrefix.length),
+            value
+        });
+    }
+    let isPersistenceEnabled = false;
+    const storage = {
+        persistCurrentStateAndSubsequentChanges: () => {
+            isPersistenceEnabled = true;
+            for (let i = 0; i < storage.length; i++) {
+                const key = storage.key(i);
+                (0, assert_1.assert)(key !== null, "803385");
+                const value = storage.getItem(key);
+                (0, assert_1.assert)(value !== null, "777098");
+                storage.setItem(key, value);
+            }
+        },
+        get length() {
+            return entries.length;
+        },
+        key: index => {
+            const entry = entries[index];
+            if (entry === undefined) {
+                return null;
+            }
+            return entry.key;
+        },
+        removeItem: key => {
+            const entry = entries.find(entry => entry.key === key);
+            if (entry === undefined) {
+                return;
+            }
+            sessionStorage.removeItem(getSessionStorageKey(entry.key));
+            const index = entries.indexOf(entry);
+            entries.splice(index, 1);
+        },
+        clear: () => {
+            for (let i = 0; i < storage.length; i++) {
+                const key = storage.key(i);
+                (0, assert_1.assert)(key !== null, "290875");
+                storage.removeItem(key);
+            }
+        },
+        getItem: key => {
+            const entry = entries.find(entry => entry.key === key);
+            if (entry === undefined) {
+                return null;
+            }
+            return entry.value;
+        },
+        setItem: (key, value) => {
+            if (isPersistenceEnabled) {
+                sessionStorage.setItem(getSessionStorageKey(key), value);
+            }
+            update: {
+                const entry = entries.find(entry => entry.key === key);
+                if (entry === undefined) {
+                    break update;
+                }
+                entry.value = value;
+                return;
+            }
+            entries.push({ key, value });
+        }
+    };
+    return storage;
+}
+//# sourceMappingURL=lazySessionStorage.js.map

package/tools/lazySessionStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lazySessionStorage.js","sourceRoot":"","sources":["../src/tools/lazySessionStorage.ts"],"names":[],"mappings":";;AAeA,4DA2GC;AA1HD,kDAA+C;AAe/C,SAAgB,wBAAwB,CAAC,MAA6B;IAClE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,MAAM,oBAAoB,GAAG,wBAAwB,SAAS,GAAG,CAAC;IAElE,MAAM,oBAAoB,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC,GAAG,oBAAoB,GAAG,GAAG,EAAE,CAAC;IAE9E,MAAM,OAAO,GAAqC,EAAE,CAAC;IAErD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAClC,IAAA,eAAM,EAAC,GAAG,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE/B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACxC,SAAS;QACb,CAAC;QAED,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAE1C,IAAA,eAAM,EAAC,KAAK,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEjC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAE/B,OAAO,CAAC,IAAI,CAAC;YACT,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,oBAAoB,CAAC,MAAM,CAAC;YAC3C,KAAK;SACR,CAAC,CAAC;IACP,CAAC;IAED,IAAI,oBAAoB,GAAG,KAAK,CAAC;IAEjC,MAAM,OAAO,GAAuB;QAChC,uCAAuC,EAAE,GAAG,EAAE;YAC1C,oBAAoB,GAAG,IAAI,CAAC;YAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC3B,IAAA,eAAM,EAAC,GAAG,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAE/B,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAEnC,IAAA,eAAM,EAAC,KAAK,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAEjC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAChC,CAAC;QACL,CAAC;QACD,IAAI,MAAM;YACN,OAAO,OAAO,CAAC,MAAM,CAAC;QAC1B,CAAC;QACD,GAAG,EAAE,KAAK,CAAC,EAAE;YACT,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;YAE7B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,OAAO,KAAK,CAAC,GAAG,CAAC;QACrB,CAAC;QACD,UAAU,EAAE,GAAG,CAAC,EAAE;YACd,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;YAEvD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACtB,OAAO;YACX,CAAC;YAED,cAAc,CAAC,UAAU,CAAC,oBAAoB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;YAE3D,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAErC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC7B,CAAC;QACD,KAAK,EAAE,GAAG,EAAE;YACR,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC3B,IAAA,eAAM,EAAC,GAAG,KAAK,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAC/B,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YAC5B,CAAC;QACL,CAAC;QACD,OAAO,EAAE,GAAG,CAAC,EAAE;YACX,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;YACvD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,OAAO,KAAK,CAAC,KAAK,CAAC;QACvB,CAAC;QACD,OAAO,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;YACpB,IAAI,oBAAoB,EAAE,CAAC;gBACvB,cAAc,CAAC,OAAO,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,EAAE,CAAC;gBACL,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;gBAEvD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,MAAM,MAAM,CAAC;gBACjB,CAAC;gBAED,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC;gBAEpB,OAAO;YACX,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QACjC,CAAC;KACJ,CAAC;IAEF,OAAO,OAAO,CAAC;AACnB,CAAC"}

package/vite-plugin/manageOptimizedDeps.js

@@ -59,7 +59,8 @@ function manageOptimizedDeps(params) {
                 const moduleNames_include = [
                     "oidc-spa/react-spa",
                     "oidc-spa/entrypoint",
-                    "oidc-spa/keycloak"
+                    "oidc-spa/keycloak",
+                    "oidc-spa/core"
                 ];
                 for (const moduleName of moduleNames_include) {
                     (0, assert_1.assert)(moduleNames.includes(moduleName));
@@ -76,6 +77,7 @@ function manageOptimizedDeps(params) {
                 if (isZodInstalled) {
                     moduleNames_include.push("zod");
                 }
+                moduleNames_include.push("oidc-spa");
                 ((_b = (userConfig.optimizeDeps ?? (userConfig.optimizeDeps = {}))).include ?? (_b.include = [])).push(...moduleNames_include);
             }
             break;