woodsportal-client-sdk 4.0.4-dev.13 → 4.0.4-dev.14

package/dist/chunk-COHBSTHF.js

@@ -0,0 +1,82 @@
+// src/main/core/auth/auth-error-codes.ts
+var AuthErrorCode = {
+  AUTHENTICATION_FAILED: "AUTHENTICATION_FAILED",
+  TOKEN_INVALID: "AUTH_TOKEN_INVALID",
+  TOKEN_EXPIRED: "AUTH_TOKEN_EXPIRED",
+  ACCOUNT_LOCKED: "AUTH_ACCOUNT_LOCKED",
+  ACCOUNT_DISABLED: "AUTH_ACCOUNT_DISABLED",
+  LOGIN_FAILED: "LOGIN_FAILED",
+  INVALID_CREDENTIALS: "AUTH_INVALID_CREDENTIALS",
+  TWO_FACTOR_REQUIRED: "AUTH_2FA_REQUIRED",
+  EMAIL_NOT_VERIFIED: "AUTH_EMAIL_NOT_VERIFIED",
+  ACCESS_DENIED: "ACCESS_DENIED",
+  ACCESS_FORBIDDEN: "ACCESS_FORBIDDEN",
+  ACCESS_UNAUTHORIZED: "ACCESS_UNAUTHORIZED",
+  MISSING_REFRESH_TOKEN: "MISSING_REFRESH_TOKEN",
+  MISSING_HEADERS: "MISSING_HEADERS",
+  OAUTH_PROCESSING_ERROR: "OAUTH_PROCESSING_ERROR",
+  HUBSPOT_REAUTH_REQUIRED: "HUBSPOT_REAUTH_REQUIRED",
+  PORTAL_INACTIVE: "PORTAL_INACTIVE",
+  AMBIGUOUS_HUB_ID: "AMBIGUOUS_HUB_ID",
+  COMMERCIAL_ACCESS_EXPIRED: "COMMERCIAL_ACCESS_EXPIRED"
+};
+function parseApiErrorPayload(data) {
+  if (!data || typeof data !== "object") {
+    return {};
+  }
+  const payload = data;
+  return {
+    errorCode: typeof payload.errorCode === "string" ? payload.errorCode : void 0,
+    errorMessage: typeof payload.errorMessage === "string" ? payload.errorMessage : typeof payload.message === "string" ? payload.message : void 0,
+    detailedMessage: typeof payload.detailedMessage === "string" ? payload.detailedMessage : void 0,
+    correlationId: typeof payload.correlationId === "string" ? payload.correlationId : void 0,
+    statusCode: typeof payload.statusCode === "number" ? payload.statusCode : void 0,
+    category: typeof payload.category === "string" ? payload.category : void 0
+  };
+}
+function getUnauthorizedPageCopy(errorCode, fallbackMessage) {
+  switch (errorCode) {
+    case AuthErrorCode.HUBSPOT_REAUTH_REQUIRED:
+      return {
+        title: "HubSpot re-authorization required",
+        message: fallbackMessage ?? "Reconnect your HubSpot account to continue using WoodsPortal.",
+        buttonLabel: "Go to HubSpot Accounts",
+        clearSessionOnMount: false
+      };
+    case AuthErrorCode.ACCOUNT_LOCKED:
+    case AuthErrorCode.ACCOUNT_DISABLED:
+      return {
+        title: "Account unavailable",
+        message: fallbackMessage ?? "Your account is locked or disabled. Contact support if you need access.",
+        buttonLabel: "Go to Login",
+        clearSessionOnMount: true
+      };
+    case AuthErrorCode.ACCESS_DENIED:
+    case AuthErrorCode.ACCESS_FORBIDDEN:
+      return {
+        title: "Access denied",
+        message: fallbackMessage ?? "You do not have permission to perform this action.",
+        buttonLabel: "Go to Login",
+        clearSessionOnMount: false
+      };
+    case AuthErrorCode.TOKEN_EXPIRED:
+    case AuthErrorCode.TOKEN_INVALID:
+      return {
+        title: "Session expired",
+        message: fallbackMessage ?? "Your session has expired. Please log in again to continue.",
+        buttonLabel: "Go to Login",
+        clearSessionOnMount: true
+      };
+    default:
+      return {
+        title: "Unauthorized",
+        message: fallbackMessage ?? "Your session may have expired or you do not have the required permissions. Please log in again to continue.",
+        buttonLabel: "Go to Login",
+        clearSessionOnMount: true
+      };
+  }
+}
+
+export { AuthErrorCode, getUnauthorizedPageCopy, parseApiErrorPayload };
+//# sourceMappingURL=chunk-COHBSTHF.js.map
+//# sourceMappingURL=chunk-COHBSTHF.js.map

package/dist/chunk-COHBSTHF.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/main/core/auth/auth-error-codes.ts"],"names":[],"mappings":";AACO,IAAM,aAAA,GAAgB;AAAA,EACzB,qBAAA,EAAuB,uBAAA;AAAA,EACvB,aAAA,EAAe,oBAAA;AAAA,EACf,aAAA,EAAe,oBAAA;AAAA,EACf,cAAA,EAAgB,qBAAA;AAAA,EAChB,gBAAA,EAAkB,uBAAA;AAAA,EAClB,YAAA,EAAc,cAAA;AAAA,EACd,mBAAA,EAAqB,0BAAA;AAAA,EACrB,mBAAA,EAAqB,mBAAA;AAAA,EACrB,kBAAA,EAAoB,yBAAA;AAAA,EACpB,aAAA,EAAe,eAAA;AAAA,EACf,gBAAA,EAAkB,kBAAA;AAAA,EAClB,mBAAA,EAAqB,qBAAA;AAAA,EACrB,qBAAA,EAAuB,uBAAA;AAAA,EACvB,eAAA,EAAiB,iBAAA;AAAA,EACjB,sBAAA,EAAwB,wBAAA;AAAA,EACxB,uBAAA,EAAyB,yBAAA;AAAA,EACzB,eAAA,EAAiB,iBAAA;AAAA,EACjB,gBAAA,EAAkB,kBAAA;AAAA,EAClB,yBAAA,EAA2B;AAC/B;AAeO,SAAS,qBAAqB,IAAA,EAAgC;AACjE,EAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,EAAU;AACnC,IAAA,OAAO,EAAC;AAAA,EACZ;AACA,EAAA,MAAM,OAAA,GAAU,IAAA;AAChB,EAAA,OAAO;AAAA,IACH,WAAW,OAAO,OAAA,CAAQ,SAAA,KAAc,QAAA,GAAW,QAAQ,SAAA,GAAY,MAAA;AAAA,IACvE,YAAA,EACI,OAAO,OAAA,CAAQ,YAAA,KAAiB,QAAA,GAAW,OAAA,CAAQ,YAAA,GAAe,OAAO,OAAA,CAAQ,OAAA,KAAY,QAAA,GAAW,OAAA,CAAQ,OAAA,GAAU,MAAA;AAAA,IAC9H,iBAAiB,OAAO,OAAA,CAAQ,eAAA,KAAoB,QAAA,GAAW,QAAQ,eAAA,GAAkB,MAAA;AAAA,IACzF,eAAe,OAAO,OAAA,CAAQ,aAAA,KAAkB,QAAA,GAAW,QAAQ,aAAA,GAAgB,MAAA;AAAA,IACnF,YAAY,OAAO,OAAA,CAAQ,UAAA,KAAe,QAAA,GAAW,QAAQ,UAAA,GAAa,MAAA;AAAA,IAC1E,UAAU,OAAO,OAAA,CAAQ,QAAA,KAAa,QAAA,GAAW,QAAQ,QAAA,GAAW;AAAA,GACxE;AACJ;AASO,SAAS,uBAAA,CAAwB,WAAoB,eAAA,EAAgD;AACxG,EAAA,QAAQ,SAAA;AAAW,IACf,KAAK,aAAA,CAAc,uBAAA;AACf,MAAA,OAAO;AAAA,QACH,KAAA,EAAO,mCAAA;AAAA,QACP,SAAS,eAAA,IAAmB,+DAAA;AAAA,QAC5B,WAAA,EAAa,wBAAA;AAAA,QACb,mBAAA,EAAqB;AAAA,OACzB;AAAA,IACJ,KAAK,aAAA,CAAc,cAAA;AAAA,IACnB,KAAK,aAAA,CAAc,gBAAA;AACf,MAAA,OAAO;AAAA,QACH,KAAA,EAAO,qBAAA;AAAA,QACP,SAAS,eAAA,IAAmB,yEAAA;AAAA,QAC5B,WAAA,EAAa,aAAA;AAAA,QACb,mBAAA,EAAqB;AAAA,OACzB;AAAA,IACJ,KAAK,aAAA,CAAc,aAAA;AAAA,IACnB,KAAK,aAAA,CAAc,gBAAA;AACf,MAAA,OAAO;AAAA,QACH,KAAA,EAAO,eAAA;AAAA,QACP,SAAS,eAAA,IAAmB,oDAAA;AAAA,QAC5B,WAAA,EAAa,aAAA;AAAA,QACb,mBAAA,EAAqB;AAAA,OACzB;AAAA,IACJ,KAAK,aAAA,CAAc,aAAA;AAAA,IACnB,KAAK,aAAA,CAAc,aAAA;AACf,MAAA,OAAO;AAAA,QACH,KAAA,EAAO,iBAAA;AAAA,QACP,SAAS,eAAA,IAAmB,4DAAA;AAAA,QAC5B,WAAA,EAAa,aAAA;AAAA,QACb,mBAAA,EAAqB;AAAA,OACzB;AAAA,IACJ;AACI,MAAA,OAAO;AAAA,QACH,KAAA,EAAO,cAAA;AAAA,QACP,SACI,eAAA,IAAmB,6GAAA;AAAA,QACvB,WAAA,EAAa,aAAA;AAAA,QACb,mBAAA,EAAqB;AAAA,OACzB;AAAA;AAEZ","file":"chunk-COHBSTHF.js","sourcesContent":["/** Auth-related API error codes (woodsportal-api ErrorCode.java + API-ERROR-CODES.md). */\nexport const AuthErrorCode = {\n    AUTHENTICATION_FAILED: 'AUTHENTICATION_FAILED',\n    TOKEN_INVALID: 'AUTH_TOKEN_INVALID',\n    TOKEN_EXPIRED: 'AUTH_TOKEN_EXPIRED',\n    ACCOUNT_LOCKED: 'AUTH_ACCOUNT_LOCKED',\n    ACCOUNT_DISABLED: 'AUTH_ACCOUNT_DISABLED',\n    LOGIN_FAILED: 'LOGIN_FAILED',\n    INVALID_CREDENTIALS: 'AUTH_INVALID_CREDENTIALS',\n    TWO_FACTOR_REQUIRED: 'AUTH_2FA_REQUIRED',\n    EMAIL_NOT_VERIFIED: 'AUTH_EMAIL_NOT_VERIFIED',\n    ACCESS_DENIED: 'ACCESS_DENIED',\n    ACCESS_FORBIDDEN: 'ACCESS_FORBIDDEN',\n    ACCESS_UNAUTHORIZED: 'ACCESS_UNAUTHORIZED',\n    MISSING_REFRESH_TOKEN: 'MISSING_REFRESH_TOKEN',\n    MISSING_HEADERS: 'MISSING_HEADERS',\n    OAUTH_PROCESSING_ERROR: 'OAUTH_PROCESSING_ERROR',\n    HUBSPOT_REAUTH_REQUIRED: 'HUBSPOT_REAUTH_REQUIRED',\n    PORTAL_INACTIVE: 'PORTAL_INACTIVE',\n    AMBIGUOUS_HUB_ID: 'AMBIGUOUS_HUB_ID',\n    COMMERCIAL_ACCESS_EXPIRED: 'COMMERCIAL_ACCESS_EXPIRED'\n} as const\n\nexport type AuthErrorCodeValue = (typeof AuthErrorCode)[keyof typeof AuthErrorCode]\n\nexport type ApiErrorPayload = {\n    errorCode?: string\n    errorMessage?: string\n    detailedMessage?: string\n    correlationId?: string\n    statusCode?: number\n    category?: string\n}\n\nexport type StoredAuthError = ApiErrorPayload & { ts?: number }\n\nexport function parseApiErrorPayload(data: unknown): ApiErrorPayload {\n    if (!data || typeof data !== 'object') {\n        return {}\n    }\n    const payload = data as Record<string, unknown>\n    return {\n        errorCode: typeof payload.errorCode === 'string' ? payload.errorCode : undefined,\n        errorMessage:\n            typeof payload.errorMessage === 'string' ? payload.errorMessage : typeof payload.message === 'string' ? payload.message : undefined,\n        detailedMessage: typeof payload.detailedMessage === 'string' ? payload.detailedMessage : undefined,\n        correlationId: typeof payload.correlationId === 'string' ? payload.correlationId : undefined,\n        statusCode: typeof payload.statusCode === 'number' ? payload.statusCode : undefined,\n        category: typeof payload.category === 'string' ? payload.category : undefined\n    }\n}\n\nexport type UnauthorizedPageCopy = {\n    title: string\n    message: string\n    buttonLabel: string\n    clearSessionOnMount: boolean\n}\n\nexport function getUnauthorizedPageCopy(errorCode?: string, fallbackMessage?: string): UnauthorizedPageCopy {\n    switch (errorCode) {\n        case AuthErrorCode.HUBSPOT_REAUTH_REQUIRED:\n            return {\n                title: 'HubSpot re-authorization required',\n                message: fallbackMessage ?? 'Reconnect your HubSpot account to continue using WoodsPortal.',\n                buttonLabel: 'Go to HubSpot Accounts',\n                clearSessionOnMount: false\n            }\n        case AuthErrorCode.ACCOUNT_LOCKED:\n        case AuthErrorCode.ACCOUNT_DISABLED:\n            return {\n                title: 'Account unavailable',\n                message: fallbackMessage ?? 'Your account is locked or disabled. Contact support if you need access.',\n                buttonLabel: 'Go to Login',\n                clearSessionOnMount: true\n            }\n        case AuthErrorCode.ACCESS_DENIED:\n        case AuthErrorCode.ACCESS_FORBIDDEN:\n            return {\n                title: 'Access denied',\n                message: fallbackMessage ?? 'You do not have permission to perform this action.',\n                buttonLabel: 'Go to Login',\n                clearSessionOnMount: false\n            }\n        case AuthErrorCode.TOKEN_EXPIRED:\n        case AuthErrorCode.TOKEN_INVALID:\n            return {\n                title: 'Session expired',\n                message: fallbackMessage ?? 'Your session has expired. Please log in again to continue.',\n                buttonLabel: 'Go to Login',\n                clearSessionOnMount: true\n            }\n        default:\n            return {\n                title: 'Unauthorized',\n                message:\n                    fallbackMessage ?? 'Your session may have expired or you do not have the required permissions. Please log in again to continue.',\n                buttonLabel: 'Go to Login',\n                clearSessionOnMount: true\n            }\n    }\n}\n"]}

package/dist/{chunk-ZMZPDWQL.js → chunk-GDMFRKAK.js}

@@ -1,5 +1,5 @@
-import { getParamDetails, getRouteDetails, updateLink, configureLogger, isHttpTracingEnabled, logger, sanitizeAxiosErrorData, getParam, decodeToBase64, generatePath, getPath, getRouteMenu, tableUiActions, ticketHubspotObjectTypeId, tableStore, actions2, userStore, fileStore, actions6, emailStore, actions5, noteStore, actions4, tableUiStore, resetAllStore, breadcrumbStage, isMessingParentLastItem, isMessingParent, generateUrl } from './chunk-PWTYQHOQ.js';
-import { HUBSPOT_DATA, PORTAL_ID, configureStorageKeys, setIframeStorageMode, setRefreshCallback, getAccessToken, setRefreshToken, setAccessToken, ensureValidRefresh, DEV_API_URL, DEV_PORTAL_ID, HUB_ID } from './chunk-QPSCMK4W.js';
+import { getParamDetails, getRouteDetails, updateLink, configureLogger, isHttpTracingEnabled, logger, sanitizeAxiosErrorData, getParam, decodeToBase64, generatePath, getPath, getRouteMenu, tableUiActions, ticketHubspotObjectTypeId, tableStore, actions2, userStore, fileStore, actions6, emailStore, actions5, noteStore, actions4, tableUiStore, resetAllStore, breadcrumbStage, isMessingParentLastItem, isMessingParent, generateUrl } from './chunk-6ZF2RQJP.js';
+import { HUBSPOT_DATA, PORTAL_ID, configureStorageKeys, setIframeStorageMode, setRefreshBufferSeconds, setRefreshCallback, getAccessToken, setRefreshToken, storAccessToken, refreshSession, ensureValidRefresh, DEV_API_URL, DEV_PORTAL_ID, HUB_ID, isAccessTokenExpired } from './chunk-TVUBMDXX.js';
 import axios2 from 'axios';
 
 // src/main/core/utils/localStorage.ts
@@ -99,6 +99,42 @@ var setConfig = {
     });
   }
 };
+
+// src/main/core/http/visibility-refresh-scheduler.ts
+var visibilityStop = null;
+function startVisibilityRefreshScheduler(options) {
+  if (typeof window === "undefined") {
+    return () => void 0;
+  }
+  visibilityStop?.();
+  const intervalMs = options.intervalMs ?? 6e4;
+  const tick = () => {
+    if (document.visibilityState !== "visible") return;
+    if (!options.shouldRefresh()) return;
+    void options.refresh();
+  };
+  const onVisibility = () => {
+    if (document.visibilityState === "visible") {
+      void tick();
+    }
+  };
+  const intervalId = window.setInterval(tick, intervalMs);
+  document.addEventListener("visibilitychange", onVisibility);
+  window.addEventListener("focus", onVisibility);
+  const stop = () => {
+    window.clearInterval(intervalId);
+    document.removeEventListener("visibilitychange", onVisibility);
+    window.removeEventListener("focus", onVisibility);
+    if (visibilityStop === stop) {
+      visibilityStop = null;
+    }
+  };
+  visibilityStop = stop;
+  return stop;
+}
+function stopVisibilityRefreshScheduler() {
+  visibilityStop?.();
+}
 var SERVICE_UNAVAILABLE_MESSAGE = "Service temporarily unavailable. Please try again in a few minutes.";
 var SERVICE_UNAVAILABLE_STATUSES = /* @__PURE__ */ new Set([502, 503, 504]);
 function classifyHttpError(error) {
@@ -167,6 +203,7 @@ var API_ENDPOINTS = {
   PRE_LOGIN: "/api/auth/pre-login",
   LOGIN: "/api/auth/login",
   AUTH_REFRESH: "/api/auth/refresh",
+  AUTH_REFRESH_COOKIE: "/api/auth/refresh-cookie",
   FORGET_PASSWORD: "/api/auth/forget-password",
   RESET_PASSWORD_VERIFY_TOKEN: "/api/auth/token/validate",
   RESET_PASSWORD: "/api/auth/reset-password",
@@ -342,6 +379,108 @@ function getHttpUrl(config4) {
 // src/main/core/http/http-client.ts
 var axiosInstance = null;
 var config3 = {};
+function buildAuthPolicy() {
+  const routes = config3.routes ?? {};
+  const base = config3.authPolicy ?? {};
+  return {
+    routes: {
+      unauthorized: routes.unauthorized ?? "/unauthorized",
+      login: routes.login ?? "/login",
+      twoFa: routes.twoFa ?? "/login/two-fa",
+      resendEmail: routes.resendEmail ?? "/resend-email",
+      accountSelect: routes.accountSelect ?? "/account-select",
+      ...base.routes
+    },
+    optionalAuthFailurePaths: base.optionalAuthFailurePaths ?? [
+      API_ENDPOINTS.MFA_STATUS,
+      API_ENDPOINTS.MFA_PREFERENCES,
+      API_ENDPOINTS.MFA_TOTP_ENROLL_START,
+      API_ENDPOINTS.MFA_TOTP_ENROLL_VERIFY,
+      API_ENDPOINTS.MFA_TOTP_DISABLE,
+      API_ENDPOINTS.MFA_PHONE_VERIFY_START,
+      API_ENDPOINTS.MFA_PHONE_VERIFY_CONFIRM,
+      API_ENDPOINTS.MFA_WEBAUTHN_REGISTER_OPTIONS,
+      API_ENDPOINTS.MFA_WEBAUTHN_REGISTER_VERIFY,
+      API_ENDPOINTS.MFA_WEBAUTHN_CREDENTIALS
+    ],
+    sessionProbePaths: base.sessionProbePaths,
+    includeAdminMfaSecurityPrefixes: base.includeAdminMfaSecurityPrefixes ?? true
+  };
+}
+function formatUnauthorizedRoute(route) {
+  if (route.startsWith("#")) {
+    return route;
+  }
+  if (typeof window !== "undefined" && window.location.hash.startsWith("#/")) {
+    return `#${route.startsWith("/") ? route : `/${route}`}`;
+  }
+  return route;
+}
+function setBearerAuthorization(requestConfig, token) {
+  if (typeof requestConfig.headers?.set === "function") {
+    requestConfig.headers.set("Authorization", `Bearer ${token}`);
+    return;
+  }
+  requestConfig.headers.Authorization = `Bearer ${token}`;
+}
+async function handleAuthHttpError(error, axiosInstanceRef) {
+  if (!error.response || !error.config) {
+    return Promise.reject(error);
+  }
+  const status = error.response.status;
+  if (status !== 401 && status !== 403) {
+    return Promise.reject(error);
+  }
+  const shouldHandleOnPublicPath = config3.skipCurrentPublicPath?.() ?? false;
+  const allowUnauthorizedHandling = config3.shouldHandleUnauthorized?.() ?? true;
+  if (!shouldHandleOnPublicPath || !allowUnauthorizedHandling) {
+    return Promise.reject(error);
+  }
+  const { parseApiErrorPayload } = await import('./auth-error-codes-D7CXVBEN.js');
+  const { persistAuthError, resolveAuthErrorAction } = await import('./auth-interceptor-policy-F7JIJWSQ.js');
+  const reqConfig = error.config;
+  const payload = parseApiErrorPayload(error.response.data);
+  const action = resolveAuthErrorAction({
+    status,
+    errorCode: payload.errorCode,
+    url: reqConfig.url,
+    skipGlobalAuthRedirect: reqConfig.skipGlobalAuthRedirect,
+    isRetryRequest: reqConfig.__isRetryRequest,
+    policy: buildAuthPolicy()
+  });
+  if (action.kind === "reject") {
+    return Promise.reject(error);
+  }
+  if (action.kind === "refresh_retry") {
+    try {
+      await refreshSession({ force: true });
+    } catch {
+    }
+    const token = getAccessToken();
+    if (token) {
+      const newConfig = { ...reqConfig, __isRetryRequest: true };
+      setBearerAuthorization(newConfig, token);
+      return axiosInstanceRef.request(newConfig);
+    }
+    persistAuthError(payload);
+    const unauthorizedRoute = formatUnauthorizedRoute(buildAuthPolicy().routes.unauthorized);
+    if (typeof window !== "undefined") {
+      window.location.replace(unauthorizedRoute);
+    }
+    void config3.onLogout?.();
+    return Promise.reject(error);
+  }
+  persistAuthError(payload);
+  if (action.kind === "logout" || action.kind === "redirect") {
+    if (action.clearSession) {
+      void config3.onLogout?.();
+    }
+    if (typeof window !== "undefined") {
+      window.location.replace(formatUnauthorizedRoute(action.route));
+    }
+  }
+  return Promise.reject(error);
+}
 function persistHubContextFromClientConfig(clientConfig) {
   const existing = storage.get(HUBSPOT_DATA) || {};
   const next = { ...existing };
@@ -377,6 +516,9 @@ function initializeHttpClient(clientConfig) {
     configureStorageKeys(clientConfig.storageKeys);
   }
   setIframeStorageMode(clientConfig.storageMode === "iframe");
+  if (typeof clientConfig.refreshBufferSeconds === "number") {
+    setRefreshBufferSeconds(clientConfig.refreshBufferSeconds);
+  }
   if (clientConfig.editorPreviewMockHandler !== void 0) {
     setEditorPreviewMockHandler(clientConfig.editorPreviewMockHandler);
   }
@@ -444,7 +586,7 @@ function initializeHttpClient(clientConfig) {
             phase: "complete"
           });
         }
-        if (status != null && status >= 400 && status !== 401) {
+        if (status != null && status >= 400 && status !== 401 && status !== 403) {
           logger.warn("http", "HTTP error response", {
             method: getHttpMethod(error.config),
             url: sanitizeHttpUrl(error.config.url),
@@ -455,30 +597,19 @@ function initializeHttpClient(clientConfig) {
         }
         notifyServiceUnavailable(error);
       }
-      if (error.response && error.response.status === 401) {
-        const shouldHandleAuthError = config3.skipCurrentPublicPath?.() ?? false;
-        const allowUnauthorizedHandling = config3.shouldHandleUnauthorized?.() ?? true;
-        if (shouldHandleAuthError && allowUnauthorizedHandling) {
-          const payload = error.response.data ?? {};
-          const data = {
-            errorCode: payload.errorCode,
-            errorMessage: payload.errorMessage ?? payload.message,
-            detailedMessage: payload.detailedMessage,
-            correlationId: payload.correlationId,
-            ts: Date.now()
-          };
-          if (typeof window !== "undefined" && window.sessionStorage) {
-            sessionStorage.setItem("authError", JSON.stringify(data));
-          }
-          if (config3.routes?.unauthorized && typeof window !== "undefined") {
-            window.location.replace(`#${config3.routes.unauthorized}`);
-          }
-          void config3.onLogout?.();
-        }
-      }
-      return Promise.reject(error);
+      return handleAuthHttpError(error, axiosInstance);
     }
   );
+  stopVisibilityRefreshScheduler();
+  startVisibilityRefreshScheduler({
+    shouldRefresh: () => isAccessTokenExpired(),
+    refresh: async () => {
+      try {
+        await refreshSession();
+      } catch {
+      }
+    }
+  });
   logger.info("http", "HTTP client initialized", { baseURL });
 }
 function getAxiosInstance() {
@@ -559,17 +690,50 @@ function getFieldErrors(error) {
   }
   return null;
 }
+async function postRefreshCookie(headers) {
+  const apiUrl = generateApiUrl({
+    route: API_ENDPOINTS.AUTH_REFRESH_COOKIE,
+    queryParams: { hubId: config.hubId }
+  });
+  return getAxiosInstance().post(apiUrl, {}, {
+    headers,
+    withCredentials: true,
+    skipGlobalAuthRedirect: true
+  });
+}
 async function getAuthRefreshToken(refreshToken) {
-  if (refreshToken == null || refreshToken.trim() === "") {
-    return { token: null, success: false };
-  }
   try {
     const headers = {};
     if (config.devPortalId) {
       headers["X-Dev-Portal-Id"] = config.devPortalId;
     }
-    const api_url = generateApiUrl({ route: API_ENDPOINTS.AUTH_REFRESH, queryParams: { hubId: config.hubId } });
-    const response = await getAxiosInstance().post(api_url, { refreshToken }, { headers });
+    let response;
+    if (config3.useCookieRefresh) {
+      try {
+        response = await postRefreshCookie(headers);
+      } catch {
+        if (refreshToken == null || refreshToken.trim() === "") {
+          return { token: null, success: false };
+        }
+        const apiUrl = generateApiUrl({
+          route: API_ENDPOINTS.AUTH_REFRESH,
+          queryParams: { hubId: config.hubId }
+        });
+        response = await getAxiosInstance().post(apiUrl, { refreshToken }, {
+          headers,
+          skipGlobalAuthRedirect: true
+        });
+      }
+    } else {
+      if (refreshToken == null || refreshToken.trim() === "") {
+        return { token: null, success: false };
+      }
+      const apiUrl = generateApiUrl({
+        route: API_ENDPOINTS.AUTH_REFRESH,
+        queryParams: { hubId: config.hubId }
+      });
+      response = await getAxiosInstance().post(apiUrl, { refreshToken }, { headers });
+    }
     const maybeData = response?.data?.data || response?.data;
     const tokenData = maybeData?.tokenData || maybeData || {};
     const newRefreshToken = tokenData?.refreshToken;
@@ -587,7 +751,7 @@ async function getAuthRefreshToken(refreshToken) {
       setRefreshToken(newRefreshToken, rExpires);
     }
     if (typeof token === "string") {
-      setAccessToken(token, typeof expiresIn === "number" ? expiresIn : void 0);
+      storAccessToken(token, typeof expiresIn === "number" ? expiresIn : void 0);
       return { token, success: true };
     }
     return { token: null, success: false };
@@ -1538,6 +1702,8 @@ var authenticationClient = {
     },
     verifyOtp: (data) => mfaClient.verifyOtp(data),
     verifyEmail: (data) => AuthHttpClient.post(API_ENDPOINTS.VERIFY_EMAIL, data),
+    /** Legacy client greenfield signup route (predates /api/auth/* registry). */
+    register: (data) => AuthHttpClient.post("/register", data),
     resetPasswordVerifyToken: (data) => AuthHttpClient.post(API_ENDPOINTS.RESET_PASSWORD_VERIFY_TOKEN, data),
     resetPassword: (data) => AuthHttpClient.post(API_ENDPOINTS.RESET_PASSWORD, data),
     forgetPassword: (data) => AuthHttpClient.post(API_ENDPOINTS.FORGET_PASSWORD, data),
@@ -2288,6 +2454,6 @@ function createMutation(mutationFn, options) {
   };
 }
 
-export { Client, SERVICE_UNAVAILABLE_MESSAGE, buildCachePurgeRequest, buildCrmListPurgeTarget, buildCrmSinglePurgeTarget, buildEngagementPurgeTarget, buildPortalConfigPurgeTarget, buildUserSessionPurgeTarget, classifyHttpError, config, createCachePurgeJob, createMutation, extractEngagementItemIdFromWriteResponse, extractHubspotRecordIdFromWriteResponse, getAuthRefreshToken, getFieldErrors, getFormErrors, getHttpErrorMessage, initializeHttpClient, isServiceUnavailableError, mergePurgeTargets, navigationApi, purgeCrmCombined, purgeCrmDetailAndListAfterCrmWrite, purgeCrmListCache, purgeCrmListCacheAfterCrmWrite, purgeCrmObjectDataCache, purgeCrmRecordCache, purgeEngagementCaches, purgeEngagementCachesAfterCrmWrite, resolveCrmListPurgeQuery, resolveListTableParams, setConfig, setEditorPreviewMockHandler, storage, toCachePurgeListQuery };
-//# sourceMappingURL=chunk-ZMZPDWQL.js.map
-//# sourceMappingURL=chunk-ZMZPDWQL.js.map
+export { Client, SERVICE_UNAVAILABLE_MESSAGE, buildCachePurgeRequest, buildCrmListPurgeTarget, buildCrmSinglePurgeTarget, buildEngagementPurgeTarget, buildPortalConfigPurgeTarget, buildUserSessionPurgeTarget, classifyHttpError, config, createCachePurgeJob, createMutation, extractEngagementItemIdFromWriteResponse, extractHubspotRecordIdFromWriteResponse, getAuthRefreshToken, getFieldErrors, getFormErrors, getHttpErrorMessage, initializeHttpClient, isServiceUnavailableError, mergePurgeTargets, navigationApi, purgeCrmCombined, purgeCrmDetailAndListAfterCrmWrite, purgeCrmListCache, purgeCrmListCacheAfterCrmWrite, purgeCrmObjectDataCache, purgeCrmRecordCache, purgeEngagementCaches, purgeEngagementCachesAfterCrmWrite, resolveCrmListPurgeQuery, resolveListTableParams, setConfig, setEditorPreviewMockHandler, startVisibilityRefreshScheduler, stopVisibilityRefreshScheduler, storage, toCachePurgeListQuery };
+//# sourceMappingURL=chunk-GDMFRKAK.js.map
+//# sourceMappingURL=chunk-GDMFRKAK.js.map