tenneo-auth-plugin 1.0.0 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +109 -25
- package/dist/index.d.ts +109 -25
- package/dist/index.js +979 -876
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +963 -877
- package/dist/index.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -6,29 +6,27 @@ import React from 'react';
|
|
|
6
6
|
declare function bootstrap(): Promise<void>;
|
|
7
7
|
|
|
8
8
|
/**
|
|
9
|
-
* Logout
|
|
10
|
-
* Sets force_login, clears auth storage; does not redirect (bootstrap handles that).
|
|
9
|
+
* Logout: idempotent, host-driven config, no fragile host_config snapshot/restore.
|
|
11
10
|
*
|
|
12
|
-
*
|
|
13
|
-
* -
|
|
14
|
-
* -
|
|
15
|
-
* -
|
|
16
|
-
* - Watcher lifecycle correctness
|
|
17
|
-
* - CSRF protection (when host app provides a token)
|
|
11
|
+
* - Watchers suspended during teardown to avoid bootstrap races
|
|
12
|
+
* - Server logout: POST only (no unsafe GET fallback)
|
|
13
|
+
* - Local state always cleared even if server fails
|
|
14
|
+
* - Storage cache refreshed from current runtime config (memory/host), never a stale snapshot
|
|
18
15
|
*/
|
|
19
16
|
interface LogoutResponse {
|
|
20
17
|
success?: boolean;
|
|
21
18
|
message?: string;
|
|
22
19
|
logout?: boolean;
|
|
23
20
|
}
|
|
24
|
-
|
|
25
|
-
* Public logout API – keeps signature/backward-compatibility.
|
|
26
|
-
*/
|
|
27
|
-
declare function logout(tenantKey?: string): Promise<{
|
|
21
|
+
type LogoutResult = {
|
|
28
22
|
success: boolean;
|
|
29
23
|
message: string;
|
|
30
24
|
serverResponse?: LogoutResponse;
|
|
31
|
-
}
|
|
25
|
+
};
|
|
26
|
+
/**
|
|
27
|
+
* Idempotent logout: coalesces concurrent calls in the same JS realm; cross-tab deduped via short lock.
|
|
28
|
+
*/
|
|
29
|
+
declare function logout(tenantKey?: string): Promise<LogoutResult>;
|
|
32
30
|
|
|
33
31
|
/**
|
|
34
32
|
* Domain types for the authentication gateway plugin.
|
|
@@ -221,8 +219,13 @@ interface SDKConfig {
|
|
|
221
219
|
authServerUrl?: string;
|
|
222
220
|
/** Callback/redirect URL (full URL). */
|
|
223
221
|
callbackUrl?: string;
|
|
222
|
+
/** Alias some hosts use for OAuth redirect URI (same as callbackUrl). */
|
|
223
|
+
redirectUri?: string;
|
|
224
224
|
/** Optional tenant code/key (used for tenant resolution). */
|
|
225
225
|
tenantCode?: string;
|
|
226
|
+
tenantKey?: string;
|
|
227
|
+
/** Optional app identifier (storage namespacing). */
|
|
228
|
+
appId?: string;
|
|
226
229
|
/** Optional runtime identifiers (may be returned from tenant API). */
|
|
227
230
|
clientId?: string;
|
|
228
231
|
tenantId?: string;
|
|
@@ -236,8 +239,73 @@ interface ResolvedConfig {
|
|
|
236
239
|
authServerUrl: string;
|
|
237
240
|
callbackUrl: string;
|
|
238
241
|
clientCode: string;
|
|
242
|
+
tenantCode: string;
|
|
243
|
+
appId: string;
|
|
244
|
+
/** OAuth client id (may match clientCode / public client). */
|
|
245
|
+
clientId: string;
|
|
246
|
+
/** Tenant id from tenant resolution API when available. */
|
|
247
|
+
tenantId: string;
|
|
239
248
|
}
|
|
240
|
-
|
|
249
|
+
|
|
250
|
+
/**
|
|
251
|
+
* Host-aware config resolution: memory → host bridge (window / provider) → storage cache (fallback).
|
|
252
|
+
* Does not import application/storage barrel to avoid circular deps — uses storage/kv only.
|
|
253
|
+
*/
|
|
254
|
+
|
|
255
|
+
type ConfigLayerSource = 'override' | 'memory' | 'host_bridge' | 'storage_cache';
|
|
256
|
+
declare global {
|
|
257
|
+
interface Window {
|
|
258
|
+
/** Optional host-injected auth config (runtime). Lowest priority vs setConfig memory, above storage cache. */
|
|
259
|
+
__TENNEO_AUTH_HOST__?: Partial<SDKConfig>;
|
|
260
|
+
}
|
|
261
|
+
}
|
|
262
|
+
declare function setConfig(overrides: HostConfigOverride): void;
|
|
263
|
+
declare function setHostConfigProvider(fn: (() => Partial<SDKConfig> | null | undefined) | null): void;
|
|
264
|
+
interface FieldSourceMap {
|
|
265
|
+
tenantCode?: ConfigLayerSource;
|
|
266
|
+
tenantKey?: ConfigLayerSource;
|
|
267
|
+
apiBaseUrl?: ConfigLayerSource;
|
|
268
|
+
authServerUrl?: ConfigLayerSource;
|
|
269
|
+
callbackUrl?: ConfigLayerSource;
|
|
270
|
+
clientCode?: ConfigLayerSource;
|
|
271
|
+
clientId?: ConfigLayerSource;
|
|
272
|
+
tenantId?: ConfigLayerSource;
|
|
273
|
+
appId?: ConfigLayerSource;
|
|
274
|
+
}
|
|
275
|
+
/**
|
|
276
|
+
* Per-field source for debugging (first layer that supplied a non-empty value).
|
|
277
|
+
*/
|
|
278
|
+
declare function getConfigFieldSources(overrides?: HostConfigOverride): FieldSourceMap;
|
|
279
|
+
declare function getEffectiveTenantCode(overrides?: HostConfigOverride): string;
|
|
280
|
+
/** @alias getEffectiveTenantCode — tenant_key / tenant_code / clientCode from resolved config */
|
|
281
|
+
declare const getEffectiveTenantKey: typeof getEffectiveTenantCode;
|
|
282
|
+
interface GetAuthConfigOptions {
|
|
283
|
+
/** When true, throws if required OAuth / tenant fields are missing. */
|
|
284
|
+
strict?: boolean;
|
|
285
|
+
overrides?: HostConfigOverride;
|
|
286
|
+
}
|
|
287
|
+
declare class AuthConfigError extends Error {
|
|
288
|
+
readonly code = "AUTH_CONFIG_MISSING";
|
|
289
|
+
readonly missing: string[];
|
|
290
|
+
constructor(missing: string[], message?: string);
|
|
291
|
+
}
|
|
292
|
+
declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
293
|
+
/**
|
|
294
|
+
* Persist a non-authoritative copy for early readers (bootstrap before React).
|
|
295
|
+
* Never use as sole source of truth — memory/host win at resolve time.
|
|
296
|
+
*/
|
|
297
|
+
/**
|
|
298
|
+
* After logout or host-driven updates: persist a cache snapshot from current resolved SDK config (non-empty fields only).
|
|
299
|
+
*/
|
|
300
|
+
declare function syncHostConfigCacheFromMemory(): void;
|
|
301
|
+
declare function writeHostConfigCache(partial: HostConfigOverride): void;
|
|
302
|
+
/**
|
|
303
|
+
* Host entrypoint: merge into memory and optionally refresh storage cache.
|
|
304
|
+
*/
|
|
305
|
+
declare function initPlugin(config: HostConfigOverride, opts?: {
|
|
306
|
+
syncStorageCache?: boolean;
|
|
307
|
+
}): void;
|
|
308
|
+
declare function logConfigResolutionDebug(context: string, overrides?: HostConfigOverride): void;
|
|
241
309
|
|
|
242
310
|
/**
|
|
243
311
|
* OAuth constants and storage keys. No config resolution — pure constants.
|
|
@@ -262,23 +330,24 @@ declare const STORAGE_KEYS: {
|
|
|
262
330
|
readonly expiresAt: "tenneo_auth_expires_at";
|
|
263
331
|
};
|
|
264
332
|
|
|
265
|
-
/**
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
* Everything comes from the host app via `setConfig()` / `AuthProvider` props.
|
|
270
|
-
*/
|
|
271
|
-
|
|
272
|
-
declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
333
|
+
/** Resolved config; pass `{ strict: true }` to fail fast if OAuth fields are missing. */
|
|
334
|
+
declare function getAuthConfig(options?: GetAuthConfigOptions): ResolvedConfig;
|
|
335
|
+
/** Fail fast when authServerUrl, callbackUrl, or tenant are missing. */
|
|
336
|
+
declare function requireAuthConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
273
337
|
declare function getConfig(): ResolvedConfig;
|
|
274
|
-
declare function setConfig(overrides: HostConfigOverride): void;
|
|
275
338
|
declare const Config: {
|
|
276
339
|
readonly getApiBaseUrl: () => string;
|
|
277
340
|
readonly getAuthServerUrl: () => string;
|
|
278
341
|
readonly getClientCode: () => string;
|
|
279
342
|
readonly getRedirectUri: () => string;
|
|
280
|
-
readonly getAll: () =>
|
|
343
|
+
readonly getAll: () => ResolvedConfig;
|
|
281
344
|
};
|
|
345
|
+
/**
|
|
346
|
+
* Apply tenant switch in runtime config (memory + optional cache). Does not read stale snapshots.
|
|
347
|
+
*/
|
|
348
|
+
declare function applyRuntimeTenantSwitch(tenantKey: string, opts?: {
|
|
349
|
+
syncStorageCache?: boolean;
|
|
350
|
+
}): void;
|
|
282
351
|
|
|
283
352
|
/**
|
|
284
353
|
* React Context Provider for authentication state (FINAL)
|
|
@@ -511,6 +580,21 @@ declare function startCookieWatcher(): void;
|
|
|
511
580
|
declare function stopCookieWatcher(): void;
|
|
512
581
|
declare function resetCookieWatcher(): void;
|
|
513
582
|
|
|
583
|
+
/**
|
|
584
|
+
* Storage watcher to detect manual storage clears and restart auth flow.
|
|
585
|
+
* Infrastructure layer: uses storage and callback; application sets callback to bootstrap.
|
|
586
|
+
*/
|
|
587
|
+
declare function startStorageWatcher(): void;
|
|
588
|
+
declare function stopStorageWatcher(): void;
|
|
589
|
+
|
|
590
|
+
/**
|
|
591
|
+
* Suppress watcher side effects during intentional auth teardown (e.g. logout).
|
|
592
|
+
* Deterministic: set before storage/cookie mutation, clear after cleanup completes.
|
|
593
|
+
*/
|
|
594
|
+
declare function suspendWatchers(): number;
|
|
595
|
+
declare function resumeWatchers(expectedGen?: number): void;
|
|
596
|
+
declare function areWatchersSuspended(): boolean;
|
|
597
|
+
|
|
514
598
|
/**
|
|
515
599
|
* Structured auth event emitter for observability and audit.
|
|
516
600
|
*/
|
|
@@ -539,4 +623,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
|
|
|
539
623
|
declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
|
|
540
624
|
declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
|
|
541
625
|
|
|
542
|
-
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
|
|
626
|
+
export { AuthCallback, AuthConfigError, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigLayerSource, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type FieldSourceMap, type GetAuthConfigOptions, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, applyRuntimeTenantSwitch, areWatchersSuspended, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthConfig, getAuthRuntime, getConfig, getConfigFieldSources, getEffectiveTenantCode, getEffectiveTenantKey, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, initPlugin, isAccessTokenExpired, isCallbackUrl, logConfigResolutionDebug, logout, refreshAccessToken, requireAuthConfig, resetCookieWatcher, resolveConfig, resolveTenant, resumeWatchers, sanitizeErrorMessage, setAuthRuntime, setConfig, setHostConfigProvider, setStorageContext, startCookieWatcher, startStorageWatcher, stopCookieWatcher, stopStorageWatcher, subscribeAuthEvent, suspendWatchers, syncHostConfigCacheFromMemory, useAuth, useAuthContext, useAuthInit, writeHostConfigCache };
|
package/dist/index.d.ts
CHANGED
|
@@ -6,29 +6,27 @@ import React from 'react';
|
|
|
6
6
|
declare function bootstrap(): Promise<void>;
|
|
7
7
|
|
|
8
8
|
/**
|
|
9
|
-
* Logout
|
|
10
|
-
* Sets force_login, clears auth storage; does not redirect (bootstrap handles that).
|
|
9
|
+
* Logout: idempotent, host-driven config, no fragile host_config snapshot/restore.
|
|
11
10
|
*
|
|
12
|
-
*
|
|
13
|
-
* -
|
|
14
|
-
* -
|
|
15
|
-
* -
|
|
16
|
-
* - Watcher lifecycle correctness
|
|
17
|
-
* - CSRF protection (when host app provides a token)
|
|
11
|
+
* - Watchers suspended during teardown to avoid bootstrap races
|
|
12
|
+
* - Server logout: POST only (no unsafe GET fallback)
|
|
13
|
+
* - Local state always cleared even if server fails
|
|
14
|
+
* - Storage cache refreshed from current runtime config (memory/host), never a stale snapshot
|
|
18
15
|
*/
|
|
19
16
|
interface LogoutResponse {
|
|
20
17
|
success?: boolean;
|
|
21
18
|
message?: string;
|
|
22
19
|
logout?: boolean;
|
|
23
20
|
}
|
|
24
|
-
|
|
25
|
-
* Public logout API – keeps signature/backward-compatibility.
|
|
26
|
-
*/
|
|
27
|
-
declare function logout(tenantKey?: string): Promise<{
|
|
21
|
+
type LogoutResult = {
|
|
28
22
|
success: boolean;
|
|
29
23
|
message: string;
|
|
30
24
|
serverResponse?: LogoutResponse;
|
|
31
|
-
}
|
|
25
|
+
};
|
|
26
|
+
/**
|
|
27
|
+
* Idempotent logout: coalesces concurrent calls in the same JS realm; cross-tab deduped via short lock.
|
|
28
|
+
*/
|
|
29
|
+
declare function logout(tenantKey?: string): Promise<LogoutResult>;
|
|
32
30
|
|
|
33
31
|
/**
|
|
34
32
|
* Domain types for the authentication gateway plugin.
|
|
@@ -221,8 +219,13 @@ interface SDKConfig {
|
|
|
221
219
|
authServerUrl?: string;
|
|
222
220
|
/** Callback/redirect URL (full URL). */
|
|
223
221
|
callbackUrl?: string;
|
|
222
|
+
/** Alias some hosts use for OAuth redirect URI (same as callbackUrl). */
|
|
223
|
+
redirectUri?: string;
|
|
224
224
|
/** Optional tenant code/key (used for tenant resolution). */
|
|
225
225
|
tenantCode?: string;
|
|
226
|
+
tenantKey?: string;
|
|
227
|
+
/** Optional app identifier (storage namespacing). */
|
|
228
|
+
appId?: string;
|
|
226
229
|
/** Optional runtime identifiers (may be returned from tenant API). */
|
|
227
230
|
clientId?: string;
|
|
228
231
|
tenantId?: string;
|
|
@@ -236,8 +239,73 @@ interface ResolvedConfig {
|
|
|
236
239
|
authServerUrl: string;
|
|
237
240
|
callbackUrl: string;
|
|
238
241
|
clientCode: string;
|
|
242
|
+
tenantCode: string;
|
|
243
|
+
appId: string;
|
|
244
|
+
/** OAuth client id (may match clientCode / public client). */
|
|
245
|
+
clientId: string;
|
|
246
|
+
/** Tenant id from tenant resolution API when available. */
|
|
247
|
+
tenantId: string;
|
|
239
248
|
}
|
|
240
|
-
|
|
249
|
+
|
|
250
|
+
/**
|
|
251
|
+
* Host-aware config resolution: memory → host bridge (window / provider) → storage cache (fallback).
|
|
252
|
+
* Does not import application/storage barrel to avoid circular deps — uses storage/kv only.
|
|
253
|
+
*/
|
|
254
|
+
|
|
255
|
+
type ConfigLayerSource = 'override' | 'memory' | 'host_bridge' | 'storage_cache';
|
|
256
|
+
declare global {
|
|
257
|
+
interface Window {
|
|
258
|
+
/** Optional host-injected auth config (runtime). Lowest priority vs setConfig memory, above storage cache. */
|
|
259
|
+
__TENNEO_AUTH_HOST__?: Partial<SDKConfig>;
|
|
260
|
+
}
|
|
261
|
+
}
|
|
262
|
+
declare function setConfig(overrides: HostConfigOverride): void;
|
|
263
|
+
declare function setHostConfigProvider(fn: (() => Partial<SDKConfig> | null | undefined) | null): void;
|
|
264
|
+
interface FieldSourceMap {
|
|
265
|
+
tenantCode?: ConfigLayerSource;
|
|
266
|
+
tenantKey?: ConfigLayerSource;
|
|
267
|
+
apiBaseUrl?: ConfigLayerSource;
|
|
268
|
+
authServerUrl?: ConfigLayerSource;
|
|
269
|
+
callbackUrl?: ConfigLayerSource;
|
|
270
|
+
clientCode?: ConfigLayerSource;
|
|
271
|
+
clientId?: ConfigLayerSource;
|
|
272
|
+
tenantId?: ConfigLayerSource;
|
|
273
|
+
appId?: ConfigLayerSource;
|
|
274
|
+
}
|
|
275
|
+
/**
|
|
276
|
+
* Per-field source for debugging (first layer that supplied a non-empty value).
|
|
277
|
+
*/
|
|
278
|
+
declare function getConfigFieldSources(overrides?: HostConfigOverride): FieldSourceMap;
|
|
279
|
+
declare function getEffectiveTenantCode(overrides?: HostConfigOverride): string;
|
|
280
|
+
/** @alias getEffectiveTenantCode — tenant_key / tenant_code / clientCode from resolved config */
|
|
281
|
+
declare const getEffectiveTenantKey: typeof getEffectiveTenantCode;
|
|
282
|
+
interface GetAuthConfigOptions {
|
|
283
|
+
/** When true, throws if required OAuth / tenant fields are missing. */
|
|
284
|
+
strict?: boolean;
|
|
285
|
+
overrides?: HostConfigOverride;
|
|
286
|
+
}
|
|
287
|
+
declare class AuthConfigError extends Error {
|
|
288
|
+
readonly code = "AUTH_CONFIG_MISSING";
|
|
289
|
+
readonly missing: string[];
|
|
290
|
+
constructor(missing: string[], message?: string);
|
|
291
|
+
}
|
|
292
|
+
declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
293
|
+
/**
|
|
294
|
+
* Persist a non-authoritative copy for early readers (bootstrap before React).
|
|
295
|
+
* Never use as sole source of truth — memory/host win at resolve time.
|
|
296
|
+
*/
|
|
297
|
+
/**
|
|
298
|
+
* After logout or host-driven updates: persist a cache snapshot from current resolved SDK config (non-empty fields only).
|
|
299
|
+
*/
|
|
300
|
+
declare function syncHostConfigCacheFromMemory(): void;
|
|
301
|
+
declare function writeHostConfigCache(partial: HostConfigOverride): void;
|
|
302
|
+
/**
|
|
303
|
+
* Host entrypoint: merge into memory and optionally refresh storage cache.
|
|
304
|
+
*/
|
|
305
|
+
declare function initPlugin(config: HostConfigOverride, opts?: {
|
|
306
|
+
syncStorageCache?: boolean;
|
|
307
|
+
}): void;
|
|
308
|
+
declare function logConfigResolutionDebug(context: string, overrides?: HostConfigOverride): void;
|
|
241
309
|
|
|
242
310
|
/**
|
|
243
311
|
* OAuth constants and storage keys. No config resolution — pure constants.
|
|
@@ -262,23 +330,24 @@ declare const STORAGE_KEYS: {
|
|
|
262
330
|
readonly expiresAt: "tenneo_auth_expires_at";
|
|
263
331
|
};
|
|
264
332
|
|
|
265
|
-
/**
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
* Everything comes from the host app via `setConfig()` / `AuthProvider` props.
|
|
270
|
-
*/
|
|
271
|
-
|
|
272
|
-
declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
333
|
+
/** Resolved config; pass `{ strict: true }` to fail fast if OAuth fields are missing. */
|
|
334
|
+
declare function getAuthConfig(options?: GetAuthConfigOptions): ResolvedConfig;
|
|
335
|
+
/** Fail fast when authServerUrl, callbackUrl, or tenant are missing. */
|
|
336
|
+
declare function requireAuthConfig(overrides?: HostConfigOverride): ResolvedConfig;
|
|
273
337
|
declare function getConfig(): ResolvedConfig;
|
|
274
|
-
declare function setConfig(overrides: HostConfigOverride): void;
|
|
275
338
|
declare const Config: {
|
|
276
339
|
readonly getApiBaseUrl: () => string;
|
|
277
340
|
readonly getAuthServerUrl: () => string;
|
|
278
341
|
readonly getClientCode: () => string;
|
|
279
342
|
readonly getRedirectUri: () => string;
|
|
280
|
-
readonly getAll: () =>
|
|
343
|
+
readonly getAll: () => ResolvedConfig;
|
|
281
344
|
};
|
|
345
|
+
/**
|
|
346
|
+
* Apply tenant switch in runtime config (memory + optional cache). Does not read stale snapshots.
|
|
347
|
+
*/
|
|
348
|
+
declare function applyRuntimeTenantSwitch(tenantKey: string, opts?: {
|
|
349
|
+
syncStorageCache?: boolean;
|
|
350
|
+
}): void;
|
|
282
351
|
|
|
283
352
|
/**
|
|
284
353
|
* React Context Provider for authentication state (FINAL)
|
|
@@ -511,6 +580,21 @@ declare function startCookieWatcher(): void;
|
|
|
511
580
|
declare function stopCookieWatcher(): void;
|
|
512
581
|
declare function resetCookieWatcher(): void;
|
|
513
582
|
|
|
583
|
+
/**
|
|
584
|
+
* Storage watcher to detect manual storage clears and restart auth flow.
|
|
585
|
+
* Infrastructure layer: uses storage and callback; application sets callback to bootstrap.
|
|
586
|
+
*/
|
|
587
|
+
declare function startStorageWatcher(): void;
|
|
588
|
+
declare function stopStorageWatcher(): void;
|
|
589
|
+
|
|
590
|
+
/**
|
|
591
|
+
* Suppress watcher side effects during intentional auth teardown (e.g. logout).
|
|
592
|
+
* Deterministic: set before storage/cookie mutation, clear after cleanup completes.
|
|
593
|
+
*/
|
|
594
|
+
declare function suspendWatchers(): number;
|
|
595
|
+
declare function resumeWatchers(expectedGen?: number): void;
|
|
596
|
+
declare function areWatchersSuspended(): boolean;
|
|
597
|
+
|
|
514
598
|
/**
|
|
515
599
|
* Structured auth event emitter for observability and audit.
|
|
516
600
|
*/
|
|
@@ -539,4 +623,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
|
|
|
539
623
|
declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
|
|
540
624
|
declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
|
|
541
625
|
|
|
542
|
-
export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
|
|
626
|
+
export { AuthCallback, AuthConfigError, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigLayerSource, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type FieldSourceMap, type GetAuthConfigOptions, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, applyRuntimeTenantSwitch, areWatchersSuspended, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthConfig, getAuthRuntime, getConfig, getConfigFieldSources, getEffectiveTenantCode, getEffectiveTenantKey, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, initPlugin, isAccessTokenExpired, isCallbackUrl, logConfigResolutionDebug, logout, refreshAccessToken, requireAuthConfig, resetCookieWatcher, resolveConfig, resolveTenant, resumeWatchers, sanitizeErrorMessage, setAuthRuntime, setConfig, setHostConfigProvider, setStorageContext, startCookieWatcher, startStorageWatcher, stopCookieWatcher, stopStorageWatcher, subscribeAuthEvent, suspendWatchers, syncHostConfigCacheFromMemory, useAuth, useAuthContext, useAuthInit, writeHostConfigCache };
|