tenneo-auth-plugin 1.0.0 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.mts CHANGED
@@ -6,29 +6,27 @@ import React from 'react';
6
6
  declare function bootstrap(): Promise<void>;
7
7
 
8
8
  /**
9
- * Logout functionality.
10
- * Sets force_login, clears auth storage; does not redirect (bootstrap handles that).
9
+ * Logout: idempotent, host-driven config, no fragile host_config snapshot/restore.
11
10
  *
12
- * This module is hardened for:
13
- * - Multi-tab race safety (timestamp-based lock)
14
- * - Proper server logout validation
15
- * - Scoped auth storage cleanup
16
- * - Watcher lifecycle correctness
17
- * - CSRF protection (when host app provides a token)
11
+ * - Watchers suspended during teardown to avoid bootstrap races
12
+ * - Server logout: POST only (no unsafe GET fallback)
13
+ * - Local state always cleared even if server fails
14
+ * - Storage cache refreshed from current runtime config (memory/host), never a stale snapshot
18
15
  */
19
16
  interface LogoutResponse {
20
17
  success?: boolean;
21
18
  message?: string;
22
19
  logout?: boolean;
23
20
  }
24
- /**
25
- * Public logout API – keeps signature/backward-compatibility.
26
- */
27
- declare function logout(tenantKey?: string): Promise<{
21
+ type LogoutResult = {
28
22
  success: boolean;
29
23
  message: string;
30
24
  serverResponse?: LogoutResponse;
31
- }>;
25
+ };
26
+ /**
27
+ * Idempotent logout: coalesces concurrent calls in the same JS realm; cross-tab deduped via short lock.
28
+ */
29
+ declare function logout(tenantKey?: string): Promise<LogoutResult>;
32
30
 
33
31
  /**
34
32
  * Domain types for the authentication gateway plugin.
@@ -221,8 +219,13 @@ interface SDKConfig {
221
219
  authServerUrl?: string;
222
220
  /** Callback/redirect URL (full URL). */
223
221
  callbackUrl?: string;
222
+ /** Alias some hosts use for OAuth redirect URI (same as callbackUrl). */
223
+ redirectUri?: string;
224
224
  /** Optional tenant code/key (used for tenant resolution). */
225
225
  tenantCode?: string;
226
+ tenantKey?: string;
227
+ /** Optional app identifier (storage namespacing). */
228
+ appId?: string;
226
229
  /** Optional runtime identifiers (may be returned from tenant API). */
227
230
  clientId?: string;
228
231
  tenantId?: string;
@@ -236,8 +239,73 @@ interface ResolvedConfig {
236
239
  authServerUrl: string;
237
240
  callbackUrl: string;
238
241
  clientCode: string;
242
+ tenantCode: string;
243
+ appId: string;
244
+ /** OAuth client id (may match clientCode / public client). */
245
+ clientId: string;
246
+ /** Tenant id from tenant resolution API when available. */
247
+ tenantId: string;
239
248
  }
240
- type ResolvedHostConfig = ResolvedConfig;
249
+
250
+ /**
251
+ * Host-aware config resolution: memory → host bridge (window / provider) → storage cache (fallback).
252
+ * Does not import application/storage barrel to avoid circular deps — uses storage/kv only.
253
+ */
254
+
255
+ type ConfigLayerSource = 'override' | 'memory' | 'host_bridge' | 'storage_cache';
256
+ declare global {
257
+ interface Window {
258
+ /** Optional host-injected auth config (runtime). Lowest priority vs setConfig memory, above storage cache. */
259
+ __TENNEO_AUTH_HOST__?: Partial<SDKConfig>;
260
+ }
261
+ }
262
+ declare function setConfig(overrides: HostConfigOverride): void;
263
+ declare function setHostConfigProvider(fn: (() => Partial<SDKConfig> | null | undefined) | null): void;
264
+ interface FieldSourceMap {
265
+ tenantCode?: ConfigLayerSource;
266
+ tenantKey?: ConfigLayerSource;
267
+ apiBaseUrl?: ConfigLayerSource;
268
+ authServerUrl?: ConfigLayerSource;
269
+ callbackUrl?: ConfigLayerSource;
270
+ clientCode?: ConfigLayerSource;
271
+ clientId?: ConfigLayerSource;
272
+ tenantId?: ConfigLayerSource;
273
+ appId?: ConfigLayerSource;
274
+ }
275
+ /**
276
+ * Per-field source for debugging (first layer that supplied a non-empty value).
277
+ */
278
+ declare function getConfigFieldSources(overrides?: HostConfigOverride): FieldSourceMap;
279
+ declare function getEffectiveTenantCode(overrides?: HostConfigOverride): string;
280
+ /** @alias getEffectiveTenantCode — tenant_key / tenant_code / clientCode from resolved config */
281
+ declare const getEffectiveTenantKey: typeof getEffectiveTenantCode;
282
+ interface GetAuthConfigOptions {
283
+ /** When true, throws if required OAuth / tenant fields are missing. */
284
+ strict?: boolean;
285
+ overrides?: HostConfigOverride;
286
+ }
287
+ declare class AuthConfigError extends Error {
288
+ readonly code = "AUTH_CONFIG_MISSING";
289
+ readonly missing: string[];
290
+ constructor(missing: string[], message?: string);
291
+ }
292
+ declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
293
+ /**
294
+ * Persist a non-authoritative copy for early readers (bootstrap before React).
295
+ * Never use as sole source of truth — memory/host win at resolve time.
296
+ */
297
+ /**
298
+ * After logout or host-driven updates: persist a cache snapshot from current resolved SDK config (non-empty fields only).
299
+ */
300
+ declare function syncHostConfigCacheFromMemory(): void;
301
+ declare function writeHostConfigCache(partial: HostConfigOverride): void;
302
+ /**
303
+ * Host entrypoint: merge into memory and optionally refresh storage cache.
304
+ */
305
+ declare function initPlugin(config: HostConfigOverride, opts?: {
306
+ syncStorageCache?: boolean;
307
+ }): void;
308
+ declare function logConfigResolutionDebug(context: string, overrides?: HostConfigOverride): void;
241
309
 
242
310
  /**
243
311
  * OAuth constants and storage keys. No config resolution — pure constants.
@@ -262,23 +330,24 @@ declare const STORAGE_KEYS: {
262
330
  readonly expiresAt: "tenneo_auth_expires_at";
263
331
  };
264
332
 
265
- /**
266
- * Config: minimal host-driven config store + facade.
267
- *
268
- * No "internal" or "runtime" config separation.
269
- * Everything comes from the host app via `setConfig()` / `AuthProvider` props.
270
- */
271
-
272
- declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
333
+ /** Resolved config; pass `{ strict: true }` to fail fast if OAuth fields are missing. */
334
+ declare function getAuthConfig(options?: GetAuthConfigOptions): ResolvedConfig;
335
+ /** Fail fast when authServerUrl, callbackUrl, or tenant are missing. */
336
+ declare function requireAuthConfig(overrides?: HostConfigOverride): ResolvedConfig;
273
337
  declare function getConfig(): ResolvedConfig;
274
- declare function setConfig(overrides: HostConfigOverride): void;
275
338
  declare const Config: {
276
339
  readonly getApiBaseUrl: () => string;
277
340
  readonly getAuthServerUrl: () => string;
278
341
  readonly getClientCode: () => string;
279
342
  readonly getRedirectUri: () => string;
280
- readonly getAll: () => ResolvedHostConfig;
343
+ readonly getAll: () => ResolvedConfig;
281
344
  };
345
+ /**
346
+ * Apply tenant switch in runtime config (memory + optional cache). Does not read stale snapshots.
347
+ */
348
+ declare function applyRuntimeTenantSwitch(tenantKey: string, opts?: {
349
+ syncStorageCache?: boolean;
350
+ }): void;
282
351
 
283
352
  /**
284
353
  * React Context Provider for authentication state (FINAL)
@@ -511,6 +580,21 @@ declare function startCookieWatcher(): void;
511
580
  declare function stopCookieWatcher(): void;
512
581
  declare function resetCookieWatcher(): void;
513
582
 
583
+ /**
584
+ * Storage watcher to detect manual storage clears and restart auth flow.
585
+ * Infrastructure layer: uses storage and callback; application sets callback to bootstrap.
586
+ */
587
+ declare function startStorageWatcher(): void;
588
+ declare function stopStorageWatcher(): void;
589
+
590
+ /**
591
+ * Suppress watcher side effects during intentional auth teardown (e.g. logout).
592
+ * Deterministic: set before storage/cookie mutation, clear after cleanup completes.
593
+ */
594
+ declare function suspendWatchers(): number;
595
+ declare function resumeWatchers(expectedGen?: number): void;
596
+ declare function areWatchersSuspended(): boolean;
597
+
514
598
  /**
515
599
  * Structured auth event emitter for observability and audit.
516
600
  */
@@ -539,4 +623,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
539
623
  declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
540
624
  declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
541
625
 
542
- export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
626
+ export { AuthCallback, AuthConfigError, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigLayerSource, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type FieldSourceMap, type GetAuthConfigOptions, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, applyRuntimeTenantSwitch, areWatchersSuspended, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthConfig, getAuthRuntime, getConfig, getConfigFieldSources, getEffectiveTenantCode, getEffectiveTenantKey, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, initPlugin, isAccessTokenExpired, isCallbackUrl, logConfigResolutionDebug, logout, refreshAccessToken, requireAuthConfig, resetCookieWatcher, resolveConfig, resolveTenant, resumeWatchers, sanitizeErrorMessage, setAuthRuntime, setConfig, setHostConfigProvider, setStorageContext, startCookieWatcher, startStorageWatcher, stopCookieWatcher, stopStorageWatcher, subscribeAuthEvent, suspendWatchers, syncHostConfigCacheFromMemory, useAuth, useAuthContext, useAuthInit, writeHostConfigCache };
package/dist/index.d.ts CHANGED
@@ -6,29 +6,27 @@ import React from 'react';
6
6
  declare function bootstrap(): Promise<void>;
7
7
 
8
8
  /**
9
- * Logout functionality.
10
- * Sets force_login, clears auth storage; does not redirect (bootstrap handles that).
9
+ * Logout: idempotent, host-driven config, no fragile host_config snapshot/restore.
11
10
  *
12
- * This module is hardened for:
13
- * - Multi-tab race safety (timestamp-based lock)
14
- * - Proper server logout validation
15
- * - Scoped auth storage cleanup
16
- * - Watcher lifecycle correctness
17
- * - CSRF protection (when host app provides a token)
11
+ * - Watchers suspended during teardown to avoid bootstrap races
12
+ * - Server logout: POST only (no unsafe GET fallback)
13
+ * - Local state always cleared even if server fails
14
+ * - Storage cache refreshed from current runtime config (memory/host), never a stale snapshot
18
15
  */
19
16
  interface LogoutResponse {
20
17
  success?: boolean;
21
18
  message?: string;
22
19
  logout?: boolean;
23
20
  }
24
- /**
25
- * Public logout API – keeps signature/backward-compatibility.
26
- */
27
- declare function logout(tenantKey?: string): Promise<{
21
+ type LogoutResult = {
28
22
  success: boolean;
29
23
  message: string;
30
24
  serverResponse?: LogoutResponse;
31
- }>;
25
+ };
26
+ /**
27
+ * Idempotent logout: coalesces concurrent calls in the same JS realm; cross-tab deduped via short lock.
28
+ */
29
+ declare function logout(tenantKey?: string): Promise<LogoutResult>;
32
30
 
33
31
  /**
34
32
  * Domain types for the authentication gateway plugin.
@@ -221,8 +219,13 @@ interface SDKConfig {
221
219
  authServerUrl?: string;
222
220
  /** Callback/redirect URL (full URL). */
223
221
  callbackUrl?: string;
222
+ /** Alias some hosts use for OAuth redirect URI (same as callbackUrl). */
223
+ redirectUri?: string;
224
224
  /** Optional tenant code/key (used for tenant resolution). */
225
225
  tenantCode?: string;
226
+ tenantKey?: string;
227
+ /** Optional app identifier (storage namespacing). */
228
+ appId?: string;
226
229
  /** Optional runtime identifiers (may be returned from tenant API). */
227
230
  clientId?: string;
228
231
  tenantId?: string;
@@ -236,8 +239,73 @@ interface ResolvedConfig {
236
239
  authServerUrl: string;
237
240
  callbackUrl: string;
238
241
  clientCode: string;
242
+ tenantCode: string;
243
+ appId: string;
244
+ /** OAuth client id (may match clientCode / public client). */
245
+ clientId: string;
246
+ /** Tenant id from tenant resolution API when available. */
247
+ tenantId: string;
239
248
  }
240
- type ResolvedHostConfig = ResolvedConfig;
249
+
250
+ /**
251
+ * Host-aware config resolution: memory → host bridge (window / provider) → storage cache (fallback).
252
+ * Does not import application/storage barrel to avoid circular deps — uses storage/kv only.
253
+ */
254
+
255
+ type ConfigLayerSource = 'override' | 'memory' | 'host_bridge' | 'storage_cache';
256
+ declare global {
257
+ interface Window {
258
+ /** Optional host-injected auth config (runtime). Lowest priority vs setConfig memory, above storage cache. */
259
+ __TENNEO_AUTH_HOST__?: Partial<SDKConfig>;
260
+ }
261
+ }
262
+ declare function setConfig(overrides: HostConfigOverride): void;
263
+ declare function setHostConfigProvider(fn: (() => Partial<SDKConfig> | null | undefined) | null): void;
264
+ interface FieldSourceMap {
265
+ tenantCode?: ConfigLayerSource;
266
+ tenantKey?: ConfigLayerSource;
267
+ apiBaseUrl?: ConfigLayerSource;
268
+ authServerUrl?: ConfigLayerSource;
269
+ callbackUrl?: ConfigLayerSource;
270
+ clientCode?: ConfigLayerSource;
271
+ clientId?: ConfigLayerSource;
272
+ tenantId?: ConfigLayerSource;
273
+ appId?: ConfigLayerSource;
274
+ }
275
+ /**
276
+ * Per-field source for debugging (first layer that supplied a non-empty value).
277
+ */
278
+ declare function getConfigFieldSources(overrides?: HostConfigOverride): FieldSourceMap;
279
+ declare function getEffectiveTenantCode(overrides?: HostConfigOverride): string;
280
+ /** @alias getEffectiveTenantCode — tenant_key / tenant_code / clientCode from resolved config */
281
+ declare const getEffectiveTenantKey: typeof getEffectiveTenantCode;
282
+ interface GetAuthConfigOptions {
283
+ /** When true, throws if required OAuth / tenant fields are missing. */
284
+ strict?: boolean;
285
+ overrides?: HostConfigOverride;
286
+ }
287
+ declare class AuthConfigError extends Error {
288
+ readonly code = "AUTH_CONFIG_MISSING";
289
+ readonly missing: string[];
290
+ constructor(missing: string[], message?: string);
291
+ }
292
+ declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
293
+ /**
294
+ * Persist a non-authoritative copy for early readers (bootstrap before React).
295
+ * Never use as sole source of truth — memory/host win at resolve time.
296
+ */
297
+ /**
298
+ * After logout or host-driven updates: persist a cache snapshot from current resolved SDK config (non-empty fields only).
299
+ */
300
+ declare function syncHostConfigCacheFromMemory(): void;
301
+ declare function writeHostConfigCache(partial: HostConfigOverride): void;
302
+ /**
303
+ * Host entrypoint: merge into memory and optionally refresh storage cache.
304
+ */
305
+ declare function initPlugin(config: HostConfigOverride, opts?: {
306
+ syncStorageCache?: boolean;
307
+ }): void;
308
+ declare function logConfigResolutionDebug(context: string, overrides?: HostConfigOverride): void;
241
309
 
242
310
  /**
243
311
  * OAuth constants and storage keys. No config resolution — pure constants.
@@ -262,23 +330,24 @@ declare const STORAGE_KEYS: {
262
330
  readonly expiresAt: "tenneo_auth_expires_at";
263
331
  };
264
332
 
265
- /**
266
- * Config: minimal host-driven config store + facade.
267
- *
268
- * No "internal" or "runtime" config separation.
269
- * Everything comes from the host app via `setConfig()` / `AuthProvider` props.
270
- */
271
-
272
- declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
333
+ /** Resolved config; pass `{ strict: true }` to fail fast if OAuth fields are missing. */
334
+ declare function getAuthConfig(options?: GetAuthConfigOptions): ResolvedConfig;
335
+ /** Fail fast when authServerUrl, callbackUrl, or tenant are missing. */
336
+ declare function requireAuthConfig(overrides?: HostConfigOverride): ResolvedConfig;
273
337
  declare function getConfig(): ResolvedConfig;
274
- declare function setConfig(overrides: HostConfigOverride): void;
275
338
  declare const Config: {
276
339
  readonly getApiBaseUrl: () => string;
277
340
  readonly getAuthServerUrl: () => string;
278
341
  readonly getClientCode: () => string;
279
342
  readonly getRedirectUri: () => string;
280
- readonly getAll: () => ResolvedHostConfig;
343
+ readonly getAll: () => ResolvedConfig;
281
344
  };
345
+ /**
346
+ * Apply tenant switch in runtime config (memory + optional cache). Does not read stale snapshots.
347
+ */
348
+ declare function applyRuntimeTenantSwitch(tenantKey: string, opts?: {
349
+ syncStorageCache?: boolean;
350
+ }): void;
282
351
 
283
352
  /**
284
353
  * React Context Provider for authentication state (FINAL)
@@ -511,6 +580,21 @@ declare function startCookieWatcher(): void;
511
580
  declare function stopCookieWatcher(): void;
512
581
  declare function resetCookieWatcher(): void;
513
582
 
583
+ /**
584
+ * Storage watcher to detect manual storage clears and restart auth flow.
585
+ * Infrastructure layer: uses storage and callback; application sets callback to bootstrap.
586
+ */
587
+ declare function startStorageWatcher(): void;
588
+ declare function stopStorageWatcher(): void;
589
+
590
+ /**
591
+ * Suppress watcher side effects during intentional auth teardown (e.g. logout).
592
+ * Deterministic: set before storage/cookie mutation, clear after cleanup completes.
593
+ */
594
+ declare function suspendWatchers(): number;
595
+ declare function resumeWatchers(expectedGen?: number): void;
596
+ declare function areWatchersSuspended(): boolean;
597
+
514
598
  /**
515
599
  * Structured auth event emitter for observability and audit.
516
600
  */
@@ -539,4 +623,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
539
623
  declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
540
624
  declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
541
625
 
542
- export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
626
+ export { AuthCallback, AuthConfigError, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigLayerSource, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type FieldSourceMap, type GetAuthConfigOptions, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, applyRuntimeTenantSwitch, areWatchersSuspended, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthConfig, getAuthRuntime, getConfig, getConfigFieldSources, getEffectiveTenantCode, getEffectiveTenantKey, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, initPlugin, isAccessTokenExpired, isCallbackUrl, logConfigResolutionDebug, logout, refreshAccessToken, requireAuthConfig, resetCookieWatcher, resolveConfig, resolveTenant, resumeWatchers, sanitizeErrorMessage, setAuthRuntime, setConfig, setHostConfigProvider, setStorageContext, startCookieWatcher, startStorageWatcher, stopCookieWatcher, stopStorageWatcher, subscribeAuthEvent, suspendWatchers, syncHostConfigCacheFromMemory, useAuth, useAuthContext, useAuthInit, writeHostConfigCache };