tenneo-auth-plugin 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.mts CHANGED
@@ -6,29 +6,27 @@ import React from 'react';
6
6
  declare function bootstrap(): Promise<void>;
7
7
 
8
8
  /**
9
- * Logout functionality.
10
- * Clears session auth data and performs server logout when possible.
9
+ * Logout: idempotent, host-driven config, no fragile host_config snapshot/restore.
11
10
  *
12
- * This module is hardened for:
13
- * - Multi-tab race safety (timestamp-based lock)
14
- * - Proper server logout validation
15
- * - Scoped auth storage cleanup
16
- * - Watcher lifecycle correctness
17
- * - CSRF protection (when host app provides a token)
11
+ * - Watchers suspended during teardown to avoid bootstrap races
12
+ * - Server logout: POST only (no unsafe GET fallback)
13
+ * - Local state always cleared even if server fails
14
+ * - Storage cache refreshed from current runtime config (memory/host), never a stale snapshot
18
15
  */
19
16
  interface LogoutResponse {
20
17
  success?: boolean;
21
18
  message?: string;
22
19
  logout?: boolean;
23
20
  }
24
- /**
25
- * Public logout API – keeps signature/backward-compatibility.
26
- */
27
- declare function logout(tenantKey?: string): Promise<{
21
+ type LogoutResult = {
28
22
  success: boolean;
29
23
  message: string;
30
24
  serverResponse?: LogoutResponse;
31
- }>;
25
+ };
26
+ /**
27
+ * Idempotent logout: coalesces concurrent calls in the same JS realm; cross-tab deduped via short lock.
28
+ */
29
+ declare function logout(tenantKey?: string): Promise<LogoutResult>;
32
30
 
33
31
  /**
34
32
  * Domain types for the authentication gateway plugin.
@@ -221,6 +219,8 @@ interface SDKConfig {
221
219
  authServerUrl?: string;
222
220
  /** Callback/redirect URL (full URL). */
223
221
  callbackUrl?: string;
222
+ /** Alias some hosts use for OAuth redirect URI (same as callbackUrl). */
223
+ redirectUri?: string;
224
224
  /** Optional tenant code/key (used for tenant resolution). */
225
225
  tenantCode?: string;
226
226
  tenantKey?: string;
@@ -241,8 +241,71 @@ interface ResolvedConfig {
241
241
  clientCode: string;
242
242
  tenantCode: string;
243
243
  appId: string;
244
+ /** OAuth client id (may match clientCode / public client). */
245
+ clientId: string;
246
+ /** Tenant id from tenant resolution API when available. */
247
+ tenantId: string;
248
+ }
249
+
250
+ /**
251
+ * Host-aware config resolution: memory → host bridge (window / provider) → storage cache (fallback).
252
+ * Does not import application/storage barrel to avoid circular deps — uses storage/kv only.
253
+ */
254
+
255
+ type ConfigLayerSource = 'override' | 'memory' | 'host_bridge' | 'storage_cache';
256
+ declare global {
257
+ interface Window {
258
+ /** Optional host-injected auth config (runtime). Lowest priority vs setConfig memory, above storage cache. */
259
+ __TENNEO_AUTH_HOST__?: Partial<SDKConfig>;
260
+ }
261
+ }
262
+ declare function setConfig(overrides: HostConfigOverride): void;
263
+ declare function setHostConfigProvider(fn: (() => Partial<SDKConfig> | null | undefined) | null): void;
264
+ interface FieldSourceMap {
265
+ tenantCode?: ConfigLayerSource;
266
+ tenantKey?: ConfigLayerSource;
267
+ apiBaseUrl?: ConfigLayerSource;
268
+ authServerUrl?: ConfigLayerSource;
269
+ callbackUrl?: ConfigLayerSource;
270
+ clientCode?: ConfigLayerSource;
271
+ clientId?: ConfigLayerSource;
272
+ tenantId?: ConfigLayerSource;
273
+ appId?: ConfigLayerSource;
274
+ }
275
+ /**
276
+ * Per-field source for debugging (first layer that supplied a non-empty value).
277
+ */
278
+ declare function getConfigFieldSources(overrides?: HostConfigOverride): FieldSourceMap;
279
+ declare function getEffectiveTenantCode(overrides?: HostConfigOverride): string;
280
+ /** @alias getEffectiveTenantCode — tenant_key / tenant_code / clientCode from resolved config */
281
+ declare const getEffectiveTenantKey: typeof getEffectiveTenantCode;
282
+ interface GetAuthConfigOptions {
283
+ /** When true, throws if required OAuth / tenant fields are missing. */
284
+ strict?: boolean;
285
+ overrides?: HostConfigOverride;
286
+ }
287
+ declare class AuthConfigError extends Error {
288
+ readonly code = "AUTH_CONFIG_MISSING";
289
+ readonly missing: string[];
290
+ constructor(missing: string[], message?: string);
244
291
  }
245
- type ResolvedHostConfig = ResolvedConfig;
292
+ declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
293
+ /**
294
+ * Persist a non-authoritative copy for early readers (bootstrap before React).
295
+ * Never use as sole source of truth — memory/host win at resolve time.
296
+ */
297
+ /**
298
+ * After logout or host-driven updates: persist a cache snapshot from current resolved SDK config (non-empty fields only).
299
+ */
300
+ declare function syncHostConfigCacheFromMemory(): void;
301
+ declare function writeHostConfigCache(partial: HostConfigOverride): void;
302
+ /**
303
+ * Host entrypoint: merge into memory and optionally refresh storage cache.
304
+ */
305
+ declare function initPlugin(config: HostConfigOverride, opts?: {
306
+ syncStorageCache?: boolean;
307
+ }): void;
308
+ declare function logConfigResolutionDebug(context: string, overrides?: HostConfigOverride): void;
246
309
 
247
310
  /**
248
311
  * OAuth constants and storage keys. No config resolution — pure constants.
@@ -267,25 +330,24 @@ declare const STORAGE_KEYS: {
267
330
  readonly expiresAt: "tenneo_auth_expires_at";
268
331
  };
269
332
 
270
- /**
271
- * Config: minimal host-driven config store + facade.
272
- *
273
- * No "internal" or "runtime" config separation.
274
- * Everything comes from the host app via `setConfig()` / `AuthProvider` props.
275
- */
276
-
277
- declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
333
+ /** Resolved config; pass `{ strict: true }` to fail fast if OAuth fields are missing. */
334
+ declare function getAuthConfig(options?: GetAuthConfigOptions): ResolvedConfig;
335
+ /** Fail fast when authServerUrl, callbackUrl, or tenant are missing. */
336
+ declare function requireAuthConfig(overrides?: HostConfigOverride): ResolvedConfig;
278
337
  declare function getConfig(): ResolvedConfig;
279
- /** Public helper: host + internal code can use this as the single source of truth for auth config. */
280
- declare function getAuthConfig(): ResolvedConfig;
281
- declare function setConfig(overrides: HostConfigOverride): void;
282
338
  declare const Config: {
283
339
  readonly getApiBaseUrl: () => string;
284
340
  readonly getAuthServerUrl: () => string;
285
341
  readonly getClientCode: () => string;
286
342
  readonly getRedirectUri: () => string;
287
- readonly getAll: () => ResolvedHostConfig;
343
+ readonly getAll: () => ResolvedConfig;
288
344
  };
345
+ /**
346
+ * Apply tenant switch in runtime config (memory + optional cache). Does not read stale snapshots.
347
+ */
348
+ declare function applyRuntimeTenantSwitch(tenantKey: string, opts?: {
349
+ syncStorageCache?: boolean;
350
+ }): void;
289
351
 
290
352
  /**
291
353
  * React Context Provider for authentication state (FINAL)
@@ -518,6 +580,21 @@ declare function startCookieWatcher(): void;
518
580
  declare function stopCookieWatcher(): void;
519
581
  declare function resetCookieWatcher(): void;
520
582
 
583
+ /**
584
+ * Storage watcher to detect manual storage clears and restart auth flow.
585
+ * Infrastructure layer: uses storage and callback; application sets callback to bootstrap.
586
+ */
587
+ declare function startStorageWatcher(): void;
588
+ declare function stopStorageWatcher(): void;
589
+
590
+ /**
591
+ * Suppress watcher side effects during intentional auth teardown (e.g. logout).
592
+ * Deterministic: set before storage/cookie mutation, clear after cleanup completes.
593
+ */
594
+ declare function suspendWatchers(): number;
595
+ declare function resumeWatchers(expectedGen?: number): void;
596
+ declare function areWatchersSuspended(): boolean;
597
+
521
598
  /**
522
599
  * Structured auth event emitter for observability and audit.
523
600
  */
@@ -546,4 +623,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
546
623
  declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
547
624
  declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
548
625
 
549
- export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthConfig, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
626
+ export { AuthCallback, AuthConfigError, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigLayerSource, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type FieldSourceMap, type GetAuthConfigOptions, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, applyRuntimeTenantSwitch, areWatchersSuspended, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthConfig, getAuthRuntime, getConfig, getConfigFieldSources, getEffectiveTenantCode, getEffectiveTenantKey, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, initPlugin, isAccessTokenExpired, isCallbackUrl, logConfigResolutionDebug, logout, refreshAccessToken, requireAuthConfig, resetCookieWatcher, resolveConfig, resolveTenant, resumeWatchers, sanitizeErrorMessage, setAuthRuntime, setConfig, setHostConfigProvider, setStorageContext, startCookieWatcher, startStorageWatcher, stopCookieWatcher, stopStorageWatcher, subscribeAuthEvent, suspendWatchers, syncHostConfigCacheFromMemory, useAuth, useAuthContext, useAuthInit, writeHostConfigCache };
package/dist/index.d.ts CHANGED
@@ -6,29 +6,27 @@ import React from 'react';
6
6
  declare function bootstrap(): Promise<void>;
7
7
 
8
8
  /**
9
- * Logout functionality.
10
- * Clears session auth data and performs server logout when possible.
9
+ * Logout: idempotent, host-driven config, no fragile host_config snapshot/restore.
11
10
  *
12
- * This module is hardened for:
13
- * - Multi-tab race safety (timestamp-based lock)
14
- * - Proper server logout validation
15
- * - Scoped auth storage cleanup
16
- * - Watcher lifecycle correctness
17
- * - CSRF protection (when host app provides a token)
11
+ * - Watchers suspended during teardown to avoid bootstrap races
12
+ * - Server logout: POST only (no unsafe GET fallback)
13
+ * - Local state always cleared even if server fails
14
+ * - Storage cache refreshed from current runtime config (memory/host), never a stale snapshot
18
15
  */
19
16
  interface LogoutResponse {
20
17
  success?: boolean;
21
18
  message?: string;
22
19
  logout?: boolean;
23
20
  }
24
- /**
25
- * Public logout API – keeps signature/backward-compatibility.
26
- */
27
- declare function logout(tenantKey?: string): Promise<{
21
+ type LogoutResult = {
28
22
  success: boolean;
29
23
  message: string;
30
24
  serverResponse?: LogoutResponse;
31
- }>;
25
+ };
26
+ /**
27
+ * Idempotent logout: coalesces concurrent calls in the same JS realm; cross-tab deduped via short lock.
28
+ */
29
+ declare function logout(tenantKey?: string): Promise<LogoutResult>;
32
30
 
33
31
  /**
34
32
  * Domain types for the authentication gateway plugin.
@@ -221,6 +219,8 @@ interface SDKConfig {
221
219
  authServerUrl?: string;
222
220
  /** Callback/redirect URL (full URL). */
223
221
  callbackUrl?: string;
222
+ /** Alias some hosts use for OAuth redirect URI (same as callbackUrl). */
223
+ redirectUri?: string;
224
224
  /** Optional tenant code/key (used for tenant resolution). */
225
225
  tenantCode?: string;
226
226
  tenantKey?: string;
@@ -241,8 +241,71 @@ interface ResolvedConfig {
241
241
  clientCode: string;
242
242
  tenantCode: string;
243
243
  appId: string;
244
+ /** OAuth client id (may match clientCode / public client). */
245
+ clientId: string;
246
+ /** Tenant id from tenant resolution API when available. */
247
+ tenantId: string;
248
+ }
249
+
250
+ /**
251
+ * Host-aware config resolution: memory → host bridge (window / provider) → storage cache (fallback).
252
+ * Does not import application/storage barrel to avoid circular deps — uses storage/kv only.
253
+ */
254
+
255
+ type ConfigLayerSource = 'override' | 'memory' | 'host_bridge' | 'storage_cache';
256
+ declare global {
257
+ interface Window {
258
+ /** Optional host-injected auth config (runtime). Lowest priority vs setConfig memory, above storage cache. */
259
+ __TENNEO_AUTH_HOST__?: Partial<SDKConfig>;
260
+ }
261
+ }
262
+ declare function setConfig(overrides: HostConfigOverride): void;
263
+ declare function setHostConfigProvider(fn: (() => Partial<SDKConfig> | null | undefined) | null): void;
264
+ interface FieldSourceMap {
265
+ tenantCode?: ConfigLayerSource;
266
+ tenantKey?: ConfigLayerSource;
267
+ apiBaseUrl?: ConfigLayerSource;
268
+ authServerUrl?: ConfigLayerSource;
269
+ callbackUrl?: ConfigLayerSource;
270
+ clientCode?: ConfigLayerSource;
271
+ clientId?: ConfigLayerSource;
272
+ tenantId?: ConfigLayerSource;
273
+ appId?: ConfigLayerSource;
274
+ }
275
+ /**
276
+ * Per-field source for debugging (first layer that supplied a non-empty value).
277
+ */
278
+ declare function getConfigFieldSources(overrides?: HostConfigOverride): FieldSourceMap;
279
+ declare function getEffectiveTenantCode(overrides?: HostConfigOverride): string;
280
+ /** @alias getEffectiveTenantCode — tenant_key / tenant_code / clientCode from resolved config */
281
+ declare const getEffectiveTenantKey: typeof getEffectiveTenantCode;
282
+ interface GetAuthConfigOptions {
283
+ /** When true, throws if required OAuth / tenant fields are missing. */
284
+ strict?: boolean;
285
+ overrides?: HostConfigOverride;
286
+ }
287
+ declare class AuthConfigError extends Error {
288
+ readonly code = "AUTH_CONFIG_MISSING";
289
+ readonly missing: string[];
290
+ constructor(missing: string[], message?: string);
244
291
  }
245
- type ResolvedHostConfig = ResolvedConfig;
292
+ declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
293
+ /**
294
+ * Persist a non-authoritative copy for early readers (bootstrap before React).
295
+ * Never use as sole source of truth — memory/host win at resolve time.
296
+ */
297
+ /**
298
+ * After logout or host-driven updates: persist a cache snapshot from current resolved SDK config (non-empty fields only).
299
+ */
300
+ declare function syncHostConfigCacheFromMemory(): void;
301
+ declare function writeHostConfigCache(partial: HostConfigOverride): void;
302
+ /**
303
+ * Host entrypoint: merge into memory and optionally refresh storage cache.
304
+ */
305
+ declare function initPlugin(config: HostConfigOverride, opts?: {
306
+ syncStorageCache?: boolean;
307
+ }): void;
308
+ declare function logConfigResolutionDebug(context: string, overrides?: HostConfigOverride): void;
246
309
 
247
310
  /**
248
311
  * OAuth constants and storage keys. No config resolution — pure constants.
@@ -267,25 +330,24 @@ declare const STORAGE_KEYS: {
267
330
  readonly expiresAt: "tenneo_auth_expires_at";
268
331
  };
269
332
 
270
- /**
271
- * Config: minimal host-driven config store + facade.
272
- *
273
- * No "internal" or "runtime" config separation.
274
- * Everything comes from the host app via `setConfig()` / `AuthProvider` props.
275
- */
276
-
277
- declare function resolveConfig(overrides?: HostConfigOverride): ResolvedConfig;
333
+ /** Resolved config; pass `{ strict: true }` to fail fast if OAuth fields are missing. */
334
+ declare function getAuthConfig(options?: GetAuthConfigOptions): ResolvedConfig;
335
+ /** Fail fast when authServerUrl, callbackUrl, or tenant are missing. */
336
+ declare function requireAuthConfig(overrides?: HostConfigOverride): ResolvedConfig;
278
337
  declare function getConfig(): ResolvedConfig;
279
- /** Public helper: host + internal code can use this as the single source of truth for auth config. */
280
- declare function getAuthConfig(): ResolvedConfig;
281
- declare function setConfig(overrides: HostConfigOverride): void;
282
338
  declare const Config: {
283
339
  readonly getApiBaseUrl: () => string;
284
340
  readonly getAuthServerUrl: () => string;
285
341
  readonly getClientCode: () => string;
286
342
  readonly getRedirectUri: () => string;
287
- readonly getAll: () => ResolvedHostConfig;
343
+ readonly getAll: () => ResolvedConfig;
288
344
  };
345
+ /**
346
+ * Apply tenant switch in runtime config (memory + optional cache). Does not read stale snapshots.
347
+ */
348
+ declare function applyRuntimeTenantSwitch(tenantKey: string, opts?: {
349
+ syncStorageCache?: boolean;
350
+ }): void;
289
351
 
290
352
  /**
291
353
  * React Context Provider for authentication state (FINAL)
@@ -518,6 +580,21 @@ declare function startCookieWatcher(): void;
518
580
  declare function stopCookieWatcher(): void;
519
581
  declare function resetCookieWatcher(): void;
520
582
 
583
+ /**
584
+ * Storage watcher to detect manual storage clears and restart auth flow.
585
+ * Infrastructure layer: uses storage and callback; application sets callback to bootstrap.
586
+ */
587
+ declare function startStorageWatcher(): void;
588
+ declare function stopStorageWatcher(): void;
589
+
590
+ /**
591
+ * Suppress watcher side effects during intentional auth teardown (e.g. logout).
592
+ * Deterministic: set before storage/cookie mutation, clear after cleanup completes.
593
+ */
594
+ declare function suspendWatchers(): number;
595
+ declare function resumeWatchers(expectedGen?: number): void;
596
+ declare function areWatchersSuspended(): boolean;
597
+
521
598
  /**
522
599
  * Structured auth event emitter for observability and audit.
523
600
  */
@@ -546,4 +623,4 @@ type AuthEventHandler = (payload?: AuthEventPayload) => void;
546
623
  declare function emitAuthEvent(event: AuthEventName, payload?: AuthEventPayload): void;
547
624
  declare function subscribeAuthEvent(event: AuthEventName | '*', handler: AuthEventHandler): () => void;
548
625
 
549
- export { AuthCallback, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthConfig, getAuthRuntime, getConfig, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, isAccessTokenExpired, isCallbackUrl, logout, refreshAccessToken, resetCookieWatcher, resolveConfig, resolveTenant, sanitizeErrorMessage, setAuthRuntime, setConfig, setStorageContext, startCookieWatcher, stopCookieWatcher, subscribeAuthEvent, useAuth, useAuthContext, useAuthInit };
626
+ export { AuthCallback, AuthConfigError, type AuthContextValue, type AuthEngine, type AuthEngineConfig, type AuthEngineState, type AuthEventHandler, type AuthEventName, AuthEventNames, type AuthEventPayload, AuthProvider, type AuthRuntime, type AuthState, type AuthStateListener, type AuthStrategy, type AuthTokens, Config, type ConfigLayerSource, type ConfigProvider, type CookieClearer, type CurrentUrl, type EnvConfig, type FieldSourceMap, type GetAuthConfigOptions, type HostConfigOverride, type Logger, OAUTH_CONSTANTS, ProtectedRoute, type ResolvedConfig, type SDKConfig, STORAGE_KEYS, STORAGE_KEY_PREFIX, SanitizedError, type StorageAdapter, type StorageNamespace, type TenantConfig, type TenantResolver, type TokenResponse, type TokenStorageAdapter, type Unsubscribe, type UrlProvider, applyRuntimeTenantSwitch, areWatchersSuspended, bootstrap, buildStorageKey, createAuthEngine, createCookieStorageAdapter, createMemoryStorageAdapter, createOAuth2PkceStrategy, createSecureSessionStorageAdapter, emitAuthEvent, enforceHttps, ensureValidAccessToken, extractTenantKey, getAccessToken$1 as getAccessToken, getAuthConfig, getAuthRuntime, getConfig, getConfigFieldSources, getEffectiveTenantCode, getEffectiveTenantKey, getStorageAdapter, getStorageNamespace, getAccessToken as getStoredAccessToken, initPlugin, isAccessTokenExpired, isCallbackUrl, logConfigResolutionDebug, logout, refreshAccessToken, requireAuthConfig, resetCookieWatcher, resolveConfig, resolveTenant, resumeWatchers, sanitizeErrorMessage, setAuthRuntime, setConfig, setHostConfigProvider, setStorageContext, startCookieWatcher, startStorageWatcher, stopCookieWatcher, stopStorageWatcher, subscribeAuthEvent, suspendWatchers, syncHostConfigCacheFromMemory, useAuth, useAuthContext, useAuthInit, writeHostConfigCache };