tenneo-auth-plugin 0.1.7 → 0.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -129,8 +129,7 @@ function App() {
129
129
  - Pluggable storage adapters (session, cookie, memory)
130
130
  - Authentication event system for observability
131
131
  - Strict TypeScript definitions throughout
132
- - Runtime configuration override support
133
- - Window-based configuration injection
132
+ - Host-driven configuration (props / `setConfig()`)
134
133
  - Clean layered architecture
135
134
  - Tree-shakeable ESM and CJS builds
136
135
  - React 18+ compatibility
@@ -140,6 +139,9 @@ function App() {
140
139
  | Prop | Type | Required | Default | Description |
141
140
  |------|------|----------|---------|-------------|
142
141
  | `tenantCode` | `string` | No | - | Tenant code for configuration resolution |
142
+ | `apiBaseUrl` | `string` | Yes | - | Tenant resolution service base URL |
143
+ | `authServerUrl` | `string` | Yes | - | Authorization server base URL (OIDC authorize) |
144
+ | `callbackUrl` | `string` | Yes | - | Full callback/redirect URL |
143
145
  | `appId` | `string` | No | `''` | Application identifier for storage namespacing |
144
146
  | `autoInit` | `boolean` | No | `true` | Automatically initialize authentication on mount |
145
147
  | `storageAdapter` | `StorageAdapter` | No | `null` | Custom storage adapter instance |
@@ -276,62 +278,39 @@ const token = await engine.getAccessToken();
276
278
 
277
279
  ## Configuration
278
280
 
279
- ### Environment Variables
281
+ ### Host app configuration (required)
280
282
 
281
- Configure the plugin using environment variables. For Vite applications, use the `VITE_` prefix.
283
+ This SDK does **not** read `.env` or `window.__AUTH_CONFIG__`. Provide configuration from your host app:
282
284
 
283
- ```env
284
- # OAuth Server URL
285
- VITE_AUTH_SERVER_URL=https://auth.example.com
286
-
287
- # API Base URLs
288
- VITE_API_TENANT_RESOLUTION_BASE_URL=https://api.example.com/api/v1
289
- VITE_API_AUTH_BASE_URL=https://auth.example.com
290
-
291
- # Default Configuration
292
- VITE_CLIENT_ID=your-client-id
293
- VITE_TENANT_ID=your-tenant-id
294
- VITE_CLIENTCODE=your-tenant-code
295
- ```
296
-
297
- ### Window Runtime Configuration
298
-
299
- Inject configuration at runtime without rebuilding the application.
285
+ ```tsx
286
+ import { AuthProvider } from 'tenneo-auth-plugin';
300
287
 
301
- ```html
302
- <script>
303
- window.__AUTH_CONFIG__ = {
304
- clientId: 'runtime-client-id',
305
- tenantId: 'runtime-tenant-id',
306
- basePath: '/app',
307
- };
308
- </script>
288
+ <AuthProvider
289
+ tenantCode="your-tenant-code"
290
+ apiBaseUrl="https://tenant-service.example.com"
291
+ authServerUrl="https://auth.example.com"
292
+ callbackUrl="https://app.example.com/callback"
293
+ appId="myapp"
294
+ >
295
+ <App />
296
+ </AuthProvider>
309
297
  ```
310
298
 
311
- ### Configuration Priority
312
-
313
- Configuration is resolved in the following order (highest priority first):
314
-
315
- 1. Props passed to AuthProvider
316
- 2. Window configuration (`window.__AUTH_CONFIG__`)
317
- 3. Environment variables
318
- 4. Built-in defaults
319
-
320
299
  ### Programmatic Configuration
321
300
 
322
301
  ```tsx
323
302
  import { setConfig, Config } from 'tenneo-auth-plugin';
324
303
 
325
- // Override configuration
304
+ // Override configuration (host-driven)
326
305
  setConfig({
327
- clientId: 'custom-client-id',
328
- tenantId: 'custom-tenant-id',
329
- basePath: '/my-app',
306
+ tenantCode: 'your-tenant-code',
307
+ apiBaseUrl: 'https://tenant-service.example.com',
308
+ authServerUrl: 'https://auth.example.com',
309
+ callbackUrl: 'https://app.example.com/callback',
330
310
  });
331
311
 
332
312
  // Access resolved configuration
333
313
  const authServerUrl = Config.getAuthServerUrl();
334
- const clientId = Config.getClientId();
335
314
  const allConfig = Config.getAll();
336
315
  ```
337
316
 
@@ -420,13 +399,11 @@ import type {
420
399
  TokenResponse,
421
400
  AuthState,
422
401
  AuthContextValue,
423
- EnvConfig,
424
402
  AuthTokens,
425
403
  StorageAdapter,
426
404
  AuthEngine,
427
405
  AuthEngineState,
428
406
  SDKConfig,
429
- RuntimeConfigOverrides,
430
407
  } from 'tenneo-auth-plugin';
431
408
  ```
432
409
 
package/dist/index.d.mts CHANGED
@@ -8,12 +8,22 @@ declare function bootstrap(): Promise<void>;
8
8
  /**
9
9
  * Logout functionality.
10
10
  * Sets force_login, clears auth storage; does not redirect (bootstrap handles that).
11
+ *
12
+ * This module is hardened for:
13
+ * - Multi-tab race safety (timestamp-based lock)
14
+ * - Proper server logout validation
15
+ * - Scoped auth storage cleanup
16
+ * - Watcher lifecycle correctness
17
+ * - CSRF protection (when host app provides a token)
11
18
  */
12
19
  interface LogoutResponse {
13
20
  success?: boolean;
14
21
  message?: string;
15
22
  logout?: boolean;
16
23
  }
24
+ /**
25
+ * Public logout API – keeps signature/backward-compatibility.
26
+ */
17
27
  declare function logout(tenantKey?: string): Promise<{
18
28
  success: boolean;
19
29
  message: string;
@@ -205,6 +215,12 @@ interface AuthProviderProps {
205
215
  autoInit?: boolean;
206
216
  /** Tenant code from host app (used to resolve tenant via GET /api/tenant/v1/public/tenants/by-code/{tenantCode}). */
207
217
  tenantCode?: string;
218
+ /** Tenant resolution base URL (host app). */
219
+ apiBaseUrl?: string;
220
+ /** Authorization server URL (host app). */
221
+ authServerUrl?: string;
222
+ /** Callback/redirect URL (host app). */
223
+ callbackUrl?: string;
208
224
  /** App id for storage namespacing (auth_${tenantId}_${appId}_*). */
209
225
  appId?: string;
210
226
  /** Optional storage adapter; default is SecureSessionStorageAdapter with namespacing. */
@@ -213,7 +229,7 @@ interface AuthProviderProps {
213
229
  /**
214
230
  * AuthProvider – UI-facing auth state only
215
231
  */
216
- declare function AuthProvider({ children, autoInit, tenantCode, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
232
+ declare function AuthProvider({ children, autoInit, tenantCode, apiBaseUrl, authServerUrl, callbackUrl, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
217
233
 
218
234
  interface AuthCallbackProps {
219
235
  loginPath?: string;
@@ -286,10 +302,7 @@ interface ConfigProvider {
286
302
  getApiBaseUrl(): string;
287
303
  getAuthServerUrl(): string;
288
304
  getRedirectUri(): string;
289
- getClientId(): string;
290
- getTenantId(): string;
291
305
  getClientCode(): string;
292
- getBasePath(): string;
293
306
  }
294
307
  /** Tenant resolution – replaces direct tenant API usage in core. */
295
308
  interface TenantResolver {
@@ -404,50 +417,36 @@ declare function resolveTenant(tenantKey: string): Promise<TenantConfig | null>;
404
417
 
405
418
  /**
406
419
  * Configuration types.
407
- * Internal: non-overridable (from .env). Runtime: overridable (env + window + setConfig).
408
420
  *
409
- * BASE URL SEPARATION (mandatory do not mix):
410
- * - API_TENANT_RESOLUTION_BASE_URL: Tenant resolution only.
411
- * - API_AUTH_BASE_URL: Token operations only (exchange, refresh, logout).
412
- * - AUTH_SERVER_URL: OpenID Connect authorization redirect only.
413
- */
414
- interface InternalConfig {
415
- API_TENANT_RESOLUTION_BASE_URL: string;
416
- API_AUTH_BASE_URL: string;
417
- AUTH_SERVER_URL: string;
418
- DEFAULT_DOMAIN: string;
419
- }
420
- /** Single source of truth: .env (VITE_CLIENT_ID, VITE_TENANT_ID, VITE_CLIENTCODE). */
421
- interface RuntimeConfig {
422
- CLIENT_ID: string;
423
- TENANT_ID: string;
424
- CLIENTCODE: string;
425
- }
426
- type ResolvedConfig = InternalConfig & RuntimeConfig;
427
- type SDKConfig = ResolvedConfig;
428
- interface RuntimeConfigOverrides {
429
- basePath?: string;
430
- redirectUri?: string;
431
- }
432
- type HostConfigOverride = Partial<RuntimeConfig> & Partial<RuntimeConfigOverrides>;
433
- /** Window __APP_CONFIG__ / __AUTH_CONFIG__ shape (clientId, tenantId, clientcode only). */
434
- interface HostRuntimeConfig {
421
+ * There is no "internal vs runtime" config anymore.
422
+ * Everything is provided by the host app via `AuthProvider` props / `setConfig()`.
423
+ */
424
+ interface SDKConfig {
425
+ /** Tenant resolution service base URL. */
426
+ apiBaseUrl?: string;
427
+ /** Auth API base URL (token exchange/refresh/logout). */
428
+ apiAuthBaseUrl?: string;
429
+ /** Authorization server base URL (OIDC authorize endpoint). */
430
+ authServerUrl?: string;
431
+ /** Callback/redirect URL (full URL). */
432
+ callbackUrl?: string;
433
+ /** Optional tenant code/key (used for tenant resolution). */
434
+ tenantCode?: string;
435
+ /** Optional runtime identifiers (may be returned from tenant API). */
435
436
  clientId?: string;
436
437
  tenantId?: string;
437
- clientcode?: string;
438
+ clientCode?: string;
439
+ /** Optional UI/runtime overrides. */
440
+ basePath?: string;
438
441
  }
439
- /** Full resolved config output (internal URLs + runtime + derived redirectUri, basePath). */
440
- interface ResolvedHostConfig {
441
- apiTenantResolutionBaseUrl: string;
442
- apiAuthBaseUrl: string;
442
+ type HostConfigOverride = SDKConfig;
443
+ interface ResolvedConfig {
444
+ apiBaseUrl: string;
443
445
  authServerUrl: string;
444
- defaultDomain: string;
445
- clientId: string;
446
- tenantId: string;
446
+ callbackUrl: string;
447
447
  clientCode: string;
448
- redirectUri: string;
449
- basePath: string;
450
448
  }
449
+ type ResolvedHostConfig = ResolvedConfig;
451
450
 
452
451
  /**
453
452
  * OAuth constants and storage keys. No config resolution — pure constants.
@@ -473,39 +472,22 @@ declare const STORAGE_KEYS: {
473
472
  };
474
473
 
475
474
  /**
476
- * Config: resolver + public Config facade.
477
- * Resolution order: runtime overrides > window > env > defaults.
478
- * Single source of truth: .env (see .env.example).
475
+ * Config: minimal host-driven config store + facade.
476
+ *
477
+ * No "internal" or "runtime" config separation.
478
+ * Everything comes from the host app via `setConfig()` / `AuthProvider` props.
479
479
  */
480
480
 
481
- declare global {
482
- interface Window {
483
- __APP_CONFIG__?: HostRuntimeConfig | {
484
- [key: string]: unknown;
485
- };
486
- __AUTH_CONFIG__?: HostRuntimeConfig | {
487
- [key: string]: unknown;
488
- };
489
- }
490
- }
491
- declare function resolveConfig(overrides?: HostConfigOverride): InternalConfig & RuntimeConfig;
492
- declare function getConfig(): InternalConfig & RuntimeConfig;
481
+ declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
482
+ declare function getConfig(): ResolvedConfig;
493
483
  declare function setConfig(overrides: HostConfigOverride): void;
494
484
  declare const Config: {
495
- readonly getApiTenantResolutionBaseUrl: () => string;
496
- readonly getApiAuthBaseUrl: () => string;
485
+ readonly getApiBaseUrl: () => string;
497
486
  readonly getAuthServerUrl: () => string;
498
- readonly getDefaultDomain: () => string;
499
- readonly getClientId: () => string;
500
- readonly getTenantId: () => string;
501
487
  readonly getClientCode: () => string;
502
488
  readonly getRedirectUri: () => string;
503
- readonly getBasePath: () => string;
504
- readonly hasRuntimeConfig: () => boolean;
505
489
  readonly getAll: () => ResolvedHostConfig;
506
490
  };
507
- declare function getEnvConfig(): Promise<EnvConfig | null>;
508
- declare function hasEnvFallback(): boolean;
509
491
 
510
492
  /**
511
493
  * Security and error utilities for authentication.
@@ -555,4 +537,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
555
537
  declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
556
538
  declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
557
539
 
558
- export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type InternalConfig, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type RuntimeConfigOverrides, type SDKConfig, type RuntimeConfig as SDKRuntimeConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getEnvConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, hasEnvFallback, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
540
+ export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
package/dist/index.d.ts CHANGED
@@ -8,12 +8,22 @@ declare function bootstrap(): Promise<void>;
8
8
  /**
9
9
  * Logout functionality.
10
10
  * Sets force_login, clears auth storage; does not redirect (bootstrap handles that).
11
+ *
12
+ * This module is hardened for:
13
+ * - Multi-tab race safety (timestamp-based lock)
14
+ * - Proper server logout validation
15
+ * - Scoped auth storage cleanup
16
+ * - Watcher lifecycle correctness
17
+ * - CSRF protection (when host app provides a token)
11
18
  */
12
19
  interface LogoutResponse {
13
20
  success?: boolean;
14
21
  message?: string;
15
22
  logout?: boolean;
16
23
  }
24
+ /**
25
+ * Public logout API – keeps signature/backward-compatibility.
26
+ */
17
27
  declare function logout(tenantKey?: string): Promise<{
18
28
  success: boolean;
19
29
  message: string;
@@ -205,6 +215,12 @@ interface AuthProviderProps {
205
215
  autoInit?: boolean;
206
216
  /** Tenant code from host app (used to resolve tenant via GET /api/tenant/v1/public/tenants/by-code/{tenantCode}). */
207
217
  tenantCode?: string;
218
+ /** Tenant resolution base URL (host app). */
219
+ apiBaseUrl?: string;
220
+ /** Authorization server URL (host app). */
221
+ authServerUrl?: string;
222
+ /** Callback/redirect URL (host app). */
223
+ callbackUrl?: string;
208
224
  /** App id for storage namespacing (auth_${tenantId}_${appId}_*). */
209
225
  appId?: string;
210
226
  /** Optional storage adapter; default is SecureSessionStorageAdapter with namespacing. */
@@ -213,7 +229,7 @@ interface AuthProviderProps {
213
229
  /**
214
230
  * AuthProvider – UI-facing auth state only
215
231
  */
216
- declare function AuthProvider({ children, autoInit, tenantCode, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
232
+ declare function AuthProvider({ children, autoInit, tenantCode, apiBaseUrl, authServerUrl, callbackUrl, appId, storageAdapter, }: AuthProviderProps): React.JSX.Element;
217
233
 
218
234
  interface AuthCallbackProps {
219
235
  loginPath?: string;
@@ -286,10 +302,7 @@ interface ConfigProvider {
286
302
  getApiBaseUrl(): string;
287
303
  getAuthServerUrl(): string;
288
304
  getRedirectUri(): string;
289
- getClientId(): string;
290
- getTenantId(): string;
291
305
  getClientCode(): string;
292
- getBasePath(): string;
293
306
  }
294
307
  /** Tenant resolution – replaces direct tenant API usage in core. */
295
308
  interface TenantResolver {
@@ -404,50 +417,36 @@ declare function resolveTenant(tenantKey: string): Promise<TenantConfig | null>;
404
417
 
405
418
  /**
406
419
  * Configuration types.
407
- * Internal: non-overridable (from .env). Runtime: overridable (env + window + setConfig).
408
420
  *
409
- * BASE URL SEPARATION (mandatory do not mix):
410
- * - API_TENANT_RESOLUTION_BASE_URL: Tenant resolution only.
411
- * - API_AUTH_BASE_URL: Token operations only (exchange, refresh, logout).
412
- * - AUTH_SERVER_URL: OpenID Connect authorization redirect only.
413
- */
414
- interface InternalConfig {
415
- API_TENANT_RESOLUTION_BASE_URL: string;
416
- API_AUTH_BASE_URL: string;
417
- AUTH_SERVER_URL: string;
418
- DEFAULT_DOMAIN: string;
419
- }
420
- /** Single source of truth: .env (VITE_CLIENT_ID, VITE_TENANT_ID, VITE_CLIENTCODE). */
421
- interface RuntimeConfig {
422
- CLIENT_ID: string;
423
- TENANT_ID: string;
424
- CLIENTCODE: string;
425
- }
426
- type ResolvedConfig = InternalConfig & RuntimeConfig;
427
- type SDKConfig = ResolvedConfig;
428
- interface RuntimeConfigOverrides {
429
- basePath?: string;
430
- redirectUri?: string;
431
- }
432
- type HostConfigOverride = Partial<RuntimeConfig> & Partial<RuntimeConfigOverrides>;
433
- /** Window __APP_CONFIG__ / __AUTH_CONFIG__ shape (clientId, tenantId, clientcode only). */
434
- interface HostRuntimeConfig {
421
+ * There is no "internal vs runtime" config anymore.
422
+ * Everything is provided by the host app via `AuthProvider` props / `setConfig()`.
423
+ */
424
+ interface SDKConfig {
425
+ /** Tenant resolution service base URL. */
426
+ apiBaseUrl?: string;
427
+ /** Auth API base URL (token exchange/refresh/logout). */
428
+ apiAuthBaseUrl?: string;
429
+ /** Authorization server base URL (OIDC authorize endpoint). */
430
+ authServerUrl?: string;
431
+ /** Callback/redirect URL (full URL). */
432
+ callbackUrl?: string;
433
+ /** Optional tenant code/key (used for tenant resolution). */
434
+ tenantCode?: string;
435
+ /** Optional runtime identifiers (may be returned from tenant API). */
435
436
  clientId?: string;
436
437
  tenantId?: string;
437
- clientcode?: string;
438
+ clientCode?: string;
439
+ /** Optional UI/runtime overrides. */
440
+ basePath?: string;
438
441
  }
439
- /** Full resolved config output (internal URLs + runtime + derived redirectUri, basePath). */
440
- interface ResolvedHostConfig {
441
- apiTenantResolutionBaseUrl: string;
442
- apiAuthBaseUrl: string;
442
+ type HostConfigOverride = SDKConfig;
443
+ interface ResolvedConfig {
444
+ apiBaseUrl: string;
443
445
  authServerUrl: string;
444
- defaultDomain: string;
445
- clientId: string;
446
- tenantId: string;
446
+ callbackUrl: string;
447
447
  clientCode: string;
448
- redirectUri: string;
449
- basePath: string;
450
448
  }
449
+ type ResolvedHostConfig = ResolvedConfig;
451
450
 
452
451
  /**
453
452
  * OAuth constants and storage keys. No config resolution — pure constants.
@@ -473,39 +472,22 @@ declare const STORAGE_KEYS: {
473
472
  };
474
473
 
475
474
  /**
476
- * Config: resolver + public Config facade.
477
- * Resolution order: runtime overrides > window > env > defaults.
478
- * Single source of truth: .env (see .env.example).
475
+ * Config: minimal host-driven config store + facade.
476
+ *
477
+ * No "internal" or "runtime" config separation.
478
+ * Everything comes from the host app via `setConfig()` / `AuthProvider` props.
479
479
  */
480
480
 
481
- declare global {
482
- interface Window {
483
- __APP_CONFIG__?: HostRuntimeConfig | {
484
- [key: string]: unknown;
485
- };
486
- __AUTH_CONFIG__?: HostRuntimeConfig | {
487
- [key: string]: unknown;
488
- };
489
- }
490
- }
491
- declare function resolveConfig(overrides?: HostConfigOverride): InternalConfig & RuntimeConfig;
492
- declare function getConfig(): InternalConfig & RuntimeConfig;
481
+ declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
482
+ declare function getConfig(): ResolvedConfig;
493
483
  declare function setConfig(overrides: HostConfigOverride): void;
494
484
  declare const Config: {
495
- readonly getApiTenantResolutionBaseUrl: () => string;
496
- readonly getApiAuthBaseUrl: () => string;
485
+ readonly getApiBaseUrl: () => string;
497
486
  readonly getAuthServerUrl: () => string;
498
- readonly getDefaultDomain: () => string;
499
- readonly getClientId: () => string;
500
- readonly getTenantId: () => string;
501
487
  readonly getClientCode: () => string;
502
488
  readonly getRedirectUri: () => string;
503
- readonly getBasePath: () => string;
504
- readonly hasRuntimeConfig: () => boolean;
505
489
  readonly getAll: () => ResolvedHostConfig;
506
490
  };
507
- declare function getEnvConfig(): Promise<EnvConfig | null>;
508
- declare function hasEnvFallback(): boolean;
509
491
 
510
492
  /**
511
493
  * Security and error utilities for authentication.
@@ -555,4 +537,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
555
537
  declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
556
538
  declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
557
539
 
558
- export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type InternalConfig, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type RuntimeConfigOverrides, type SDKConfig, type RuntimeConfig as SDKRuntimeConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getEnvConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, hasEnvFallback, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
540
+ export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };