chore: update readmes, fix types and comments

[ancheetah]

JIRA Ticket

Description

Updates readmes for most packages except sdk-oidc and journey-client

Summary by CodeRabbit

• Documentation

  • Updated READMEs across packages with clarified examples, import paths, FIDO browser support notes, and iframe-manager/storage usage guidance (error-result handling documented).

• New Features / API

  • Added optional custom logger support.
  • Introduced createStorage API and updated storage configuration semantics.
  • Device-client APIs now document return types that may include an error union.

• Tests

  • Re-enabled a previously skipped FIDO end-to-end test.

• Chores

  • Patch version bumps across multiple packages.

[changeset-bot]

🦋 Changeset detected

Latest commit: f173256

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 12 packages

Name	Type
@forgerock/sdk-request-middleware	Patch
@forgerock/iframe-manager	Patch
@forgerock/storage	Patch
@forgerock/sdk-logger	Patch
@forgerock/davinci-client	Patch
@forgerock/device-client	Patch
@forgerock/sdk-utilities	Patch
@forgerock/oidc-client	Patch
@forgerock/sdk-types	Patch
@forgerock/protect	Patch
@forgerock/journey-client	Patch
@forgerock/sdk-oidc	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

📝 Walkthrough

Walkthrough

Patch release changeset plus documentation, type/import cleanups, API-surface documentation updates, a behavioral change in iframe redirect error handling, and an un-skipped e2e FIDO test. No broad runtime API signature changes in source code; changes are primarily docs, types, and tests.

Changes

Cohort / File(s)	Summary
Release Changeset ​.changeset/sour-jobs-count.md	New patch changeset listing patch bumps for multiple @forgerock/* packages and notes to update READMEs/types.
Logger & Protect READMEs packages/sdk-effects/logger/README.md, packages/protect/README.md	Rebranded imports; logger README adds optional custom logger and CustomLogger/LogMessage types in docs; protect README replaces @forgerock/javascript-sdk usage with @forgerock/journey-client and swaps FRAuth.next → journeyClient.next in examples.
Storage docs & test packages/sdk-effects/storage/README.md, packages/sdk-effects/storage/src/lib/storage.effects.test.ts	Docs show new createStorage API, new CustomStorageConfig/CustomStorageObject types and key semantics (${prefix}-${name}); test type annotation broadened from Omit<StorageConfig,'tokenStore'> to StorageConfig.
Iframe manager: docs & impl packages/sdk-effects/iframe-manager/README.md, packages/sdk-effects/iframe-manager/src/lib/iframe-manager.effects.ts	Docs and implementation changed so getParamsByRedirect resolves with parsed params (including error params) instead of rejecting; callers must inspect returned params for error keys.
Request middleware docs/types packages/sdk-effects/sdk-request-middleware/README.md	Examples updated (endpoint name/param renames); README introduces actionTypes, ActionTypes/EndpointTypes aliases and a more specific RequestMiddleware/QueryReturnValue shape in docs.
Device client README & store cleanup packages/device-client/README.md, packages/device-client/src/lib/device.store.ts	README updated to consolidate imports and show API return types unioned with { error: unknown }; source file converted several runtime imports to type-only and corrected JSDoc function tags.
OIDC & SDK-types docs and small type edits packages/oidc-client/README.md, packages/sdk-types/README.md, packages/sdk-types/src/lib/authorize.types.ts	OIDC README title/description updated; sdk-types README reorganized with new Authorization/Error/Policy subsections; minor JSDoc/comment trimming in authorize.types.ts.
DaVinci FIDO README & e2e test packages/davinci-client/src/lib/fido/README.md, e2e/davinci-suites/src/fido.test.ts	FIDO README adds note about browser support for navigator.credentials; previously skipped e2e FIDO test was enabled.
SDK utilities README packages/sdk-utilities/README.md	Doc restructure to add "Error Utilities", example updates, and switch test/lint commands to nx form.
SDK-types README (duplicate entry) packages/sdk-types/README.md	Added Authorization/Error/Policy type subsections and moved build/test commands to nx.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• chore(protect): remove note in readme #507 — Related edits to packages/protect/README.md (documentation and client reference updates).
• chore(oidc-client): re-export necessary types #495 — Related changes touching oidc-client types/imports and re-exports.
• SDKS-4361: Improve storage client type #417 — Related storage package changes (docs/tests/types for storage surface).

Suggested reviewers

• ryanbas21
• cerebrl

Poem

🐰 I hopped through READMEs in a single bound,
types tidied, docs refreshed, tests un-silenced found.
I nibbled on storage keys and logger tunes,
a tiny patch moonlit under codebase moons,
Hooray — the SDK gives a cheerful bound!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description provides a brief summary of the changes (README updates excluding sdk-oidc and journey-client, plus type/comment fixes) but is incomplete compared to the template structure.	Add a JIRA ticket reference if applicable, and expand the description to better document the scope and nature of the README and type fixes made across the affected packages.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore: update readmes, fix types and comments' accurately describes the main changes in the pull request, which consist of README updates and type/comment fixes across multiple packages.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch readmes-2.0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit f173256

Command	Status	Duration	Result
nx run-many -t build --no-agents	✅ Succeeded	<1s	View ↗
nx affected -t build lint test e2e-ci	✅ Succeeded	1m 29s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-02-07 01:08:59 UTC

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

packages/device-client/src/lib/device.store.ts (2)

339-344: ⚠️ Potential issue | 🟡 Minor

JSDoc description inconsistency: "Get profile devices" should be "Delete profile device".

The @function delete annotation is correct, but the description on line 340 still says "Get profile devices" which doesn't match the delete operation. Similarly, the @param description on line 344 says "used to update a profile device" but should say "used to delete a profile device".

📝 Proposed fix for JSDoc description

       /**
-       * Get profile devices
+       * Delete a profile device
        *
        * `@async`
        * `@function` delete
-       * `@param` {ProfileDevicesQuery} query - The query used to update a profile device
+       * `@param` {ProfileDevicesQuery} query - The query used to delete a profile device
        * `@returns` {Promise<null | { error: unknown }>} - A promise that resolves to null or an error object if the response is not valid.
        */

---

316-321: ⚠️ Potential issue | 🟡 Minor

JSDoc description inconsistency: "Get profile devices" should describe the update operation.

The description on line 317 says "Get profile devices" but this is the update function. The description should reflect the update operation.

📝 Proposed fix for JSDoc description

       /**
-       * Get profile devices
+       * Update a profile device
        *
        * `@async`
        * `@function` update
        * `@param` {ProfileDevicesQuery} query - The query used to update a profile device

🤖 Fix all issues with AI agents

In `@packages/protect/README.md`:
- Around line 73-77: The README code sample has a typo: the client variable is
spelled "jouneyClient" instead of "journeyClient", which would break copy‑paste;
update the snippet to use the correct symbol "journeyClient.next(step)" so it
matches the rest of the docs and any referenced initialization code.

In `@packages/sdk-effects/iframe-manager/src/lib/iframe-manager.effects.ts`:
- Around line 116-120: Update the JSDoc for the method that uses hasErrorParams
to indicate that when errorParams are present the function now resolves (not
rejects) with parsedParams for context; locate the docstring above the function
containing hasErrorParams/searchParams/errorParams and change wording from
"rejects on error" to something like "resolves with parsed params when
errorParams are present" and mention cleanup() is called before resolve to
preserve expected behavior.

In `@packages/sdk-effects/storage/README.md`:
- Around line 44-54: The README example uses the type GenericError in the
CustomStorageObject method signatures but doesn't show where it comes from;
update the example to import or document GenericError (e.g., reference
GenericError alongside CustomStorageObject/CustomStorageConfig) so readers can
resolve the type. Specifically, add or mention an import that includes
GenericError (the same module that exports
CustomStorageObject/CustomStorageConfig, or note it comes from
`@forgerock/sdk-types`) and ensure the README example references those symbols
(GenericError, CustomStorageObject, CustomStorageConfig) so the example compiles
for consumers.

In `@packages/sdk-types/README.md`:
- Around line 125-135: Update the README's build and test commands to reference
the correct Nx project name: replace occurrences of "nx build storage" and "nx
test storage" with "nx build sdk-types" and "nx test sdk-types" respectively so
the commands match the actual package; ensure the changes are made in
packages/sdk-types/README.md where the "Building" and "Testing" sections define
those commands.

In `@packages/sdk-utilities/README.md`:
- Around line 84-90: The README’s test command misspells the Nx project target;
update the command string in packages/sdk-utilities/README.md from "nx test
sdk-utiities" to the correct project name "nx test sdk-utilities" so the Nx test
target (sdk-utilities) will run correctly.

🧹 Nitpick comments (2)

packages/davinci-client/src/lib/fido/README.md (1)

7-8: Good addition—browser support note is helpful.

The note clearly states the browser requirement for WebAuthn APIs, which is important context for developers.

Optional enhancement: Consider adding browser compatibility details.

To make this more actionable for developers, you could optionally enhance the note with:

• A link to browser compatibility information (e.g., MDN or caniuse.com)
• Mention of how to detect/handle unsupported browsers
• Minimum browser versions if applicable

Example:

-**Note**: To use this module, browser support is required for `navigator.credentials.create` and `navigator.credentials.get`
+**Note**: To use this module, browser support is required for [`navigator.credentials.create`](https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create) and [`navigator.credentials.get`](https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get). Check browser compatibility and consider feature detection before using this module.

packages/sdk-effects/iframe-manager/README.md (1)

89-103: Catch block example may be misleading given the new resolve behavior.

Since errorParams now causes the promise to resolve (not reject), the catch block at lines 89-103 will only handle truly unexpected errors or internal_error cases. The check for errorResult.error || errorResult.error_description at lines 94-98 within the catch block appears redundant with the new behavior, as server errors via errorParams should now be handled in the success path (lines 79-82).

Consider simplifying the catch block to only handle internal errors:

📝 Suggested simplification

   } catch (errorResult) {
-    // Failure case: Check if it's a known error from the server or an internal error
     if (errorResult && errorResult.type === 'internal_error') {
       // Timeout or iframe access error
       console.error(`Iframe operation failed: ${errorResult.message}`);
-    } else if (errorResult && (errorResult.error || errorResult.error_description)) {
-      // Error reported by the authorization server via errorParams
-      console.error('Silent login failed. Server returned error:', errorResult);
-      // const errorCode = errorResult.error;
-      // const errorDesc = errorResult.error_description;
     } else {
       // Other unexpected error
       console.error('An unexpected error occurred:', errorResult);
     }
   }

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Missing GenericError type reference in custom storage example.

The custom storage methods reference GenericError in their return types (e.g., Promise<string | null | GenericError>) but there's no import or explanation of where this type comes from.

📝 Suggested addition to imports or explanation

Either add to the import:

import { createStorage, type CustomStorageConfig, type CustomStorageObject, type GenericError } from '@forgerock/storage';

Or add a note explaining that GenericError is imported from @forgerock/sdk-types.

🤖 Prompt for AI Agents

In `@packages/sdk-effects/storage/README.md` around lines 44 - 54, The README
example uses the type GenericError in the CustomStorageObject method signatures
but doesn't show where it comes from; update the example to import or document
GenericError (e.g., reference GenericError alongside
CustomStorageObject/CustomStorageConfig) so readers can resolve the type.
Specifically, add or mention an import that includes GenericError (the same
module that exports CustomStorageObject/CustomStorageConfig, or note it comes
from `@forgerock/sdk-types`) and ensure the README example references those
symbols (GenericError, CustomStorageObject, CustomStorageConfig) so the example
compiles for consumers.

[nx-cloud]

Nx Cloud has identified a flaky task in your failed CI:

🔂 Since the failure was identified as flaky, we triggered a CI rerun by adding an empty commit to this branch.

View detailed reasoning in Nx Cloud ↗

_{🎓 Learn more about Self-Healing CI on nx.dev}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

packages/device-client/src/lib/device.store.ts (1)

339-344: ⚠️ Potential issue | 🟡 Minor

Remaining copy-paste JSDoc issues in the profile section.

The @function tag fix on line 343 is correct, but the surrounding JSDoc still has leftover issues from copy-paste:

1. Line 340: Description says "Get profile devices" — should be "Delete a profile device" (same issue on line 317 for update, which says "Get profile devices" instead of "Update a profile device").
2. Line 344: @param says "The query used to update a profile device" — should say "delete".
3. Line 322 (the update method's @returns): Minor typo — "or or an error object" has a duplicated "or".

Since this PR targets comment fixes, consider cleaning these up as well.

📝 Proposed JSDoc fixes for the profile section

For the update method (lines 316–322):

      /**
-       * Get profile devices
+       * Update a profile device
        *
        * `@async`
        * `@function` update
        * `@param` {ProfileDevicesQuery} query - The query used to update a profile device
-       * `@returns` {Promise<ProfileDevice | { error: unknown }>} - A promise that resolves to the response data or or an error object if the response is not valid.
+       * `@returns` {Promise<ProfileDevice | { error: unknown }>} - A promise that resolves to the response data or an error object if the response is not valid.
        */

For the delete method (lines 339–344):

      /**
-       * Get profile devices
+       * Delete a profile device
        *
        * `@async`
        * `@function` delete
-       * `@param` {ProfileDevicesQuery} query - The query used to update a profile device
+       * `@param` {ProfileDevicesQuery} query - The query used to delete a profile device
        * `@returns` {Promise<null | { error: unknown }>} - A promise that resolves to null or an error object if the response is not valid.
        */

packages/sdk-effects/logger/README.md (1)

78-110: ⚠️ Potential issue | 🟡 Minor

Clarify that level filtering applies before delegating to custom logger.

The current text "all log calls will be delegated" is misleading—the implementation applies level filtering before delegation, so calls below the current level never reach the custom logger. Update to:

Suggested fix

-When a custom logger is provided, all log calls will be delegated to your implementation. If no custom logger is provided, the logger falls back to the browser's native `console` methods.
+When a custom logger is provided, log calls are first filtered by the current level, then delegated to your implementation. If no custom logger is provided, the logger falls back to the browser's native `console` methods.

packages/sdk-effects/iframe-manager/README.md (2)

49-54: ⚠️ Potential issue | 🔴 Critical

Critical: Inconsistent error handling documentation.

Lines 49-53 state that failures resolve with error objects, but line 54 says it returns "An Error" for validation failures (missing/empty successParams or errorParams). This is ambiguous:

• Does line 54 mean the promise rejects with an Error (throwing synchronously or rejecting the promise)?
• Or does it mean the promise resolves with an Error object?

This inconsistency will confuse developers about whether they need a try-catch block for validation errors.

Recommendation: Clarify whether validation errors reject the promise or resolve with an error object. If they reject, update the "On Failure" heading to distinguish between resolution-based errors and rejection-based errors.

---

89-103: ⚠️ Potential issue | 🟠 Major

Major: Catch block appears inconsistent with documented behavior.

The documentation states (lines 49-53) that internal errors resolve with objects like { type: 'internal_error', message: '...' }. However, the example's catch block (lines 89-103) attempts to handle these internal_error objects, which would never execute if they resolve rather than reject.

Additionally:

• Lines 94-98 check for error/error_description in the catch block, but these are already handled at lines 79-82 in the try block.
• If the promise always resolves (as stated in line 75), this entire catch block would only execute for the validation Error mentioned in line 54.

Recommendation: Clarify the catch block's purpose:

1. If internal_error cases truly resolve (per docs), remove lines 91-93 from the catch block
2. If error parameters truly resolve (per docs), remove lines 94-98 from the catch block
3. Keep the catch block only if line 54 validation errors actually reject (and document this clearly)

🧹 Nitpick comments (2)

packages/sdk-effects/storage/README.md (1)

70-70: Minor style improvement: incomplete sentence.

The sentence lacks a subject. Consider revising for better readability.

✍️ Suggested style fix

-- `type`: Specifies the storage mechanism. Can be `'localStorage'`, `'sessionStorage'`, or `'custom'`.
+- `type`: Specifies the storage mechanism. It can be `'localStorage'`, `'sessionStorage'`, or `'custom'`.

packages/device-client/README.md (1)

233-236: Simplify the error checking logic.

The condition !Array.isArray(getResponse) || 'error' in getResponse is unnecessarily complex. Given the return type WebAuthnDevice[] | { error: unknown }, the || 'error' in getResponse part is redundant since arrays won't have an 'error' property. A cleaner and more idiomatic approach would be to use just the type guard 'error' in getResponse, which TypeScript will properly narrow.

📝 Suggested simplification

 const getResponse = await apiClient.webAuthn.get(query);
-if (!Array.isArray(getResponse) || 'error' in getResponse) {
+if ('error' in getResponse) {
   // handle get device error
 }

[codecov-commenter]

Codecov Report

❌ Patch coverage is 0% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 18.82%. Comparing base (b89ad58) to head (f173256).
⚠️ Report is 33 commits behind head on main.

Files with missing lines	Patch %	Lines
...s/iframe-manager/src/lib/iframe-manager.effects.ts	0.00%	1 Missing ⚠️

❌ Your patch status has failed because the patch coverage (0.00%) is below the target coverage (40.00%). You can increase the patch coverage or adjust the target coverage.
❌ Your project status has failed because the head coverage (18.82%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #526      +/-   ##
==========================================
+ Coverage   18.79%   18.82%   +0.03%     
==========================================
  Files         140      142       +2     
  Lines       27640    27730      +90     
  Branches      980      991      +11     
==========================================
+ Hits         5195     5221      +26     
- Misses      22445    22509      +64     

Files with missing lines	Coverage Δ
packages/device-client/src/lib/device.store.ts	80.21% <ø> (ø)
packages/sdk-types/src/lib/authorize.types.ts	100.00% <ø> (ø)
...s/iframe-manager/src/lib/iframe-manager.effects.ts	0.94% <0.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/davinci-client@526

@forgerock/device-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/device-client@526

@forgerock/journey-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/journey-client@526

@forgerock/oidc-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/oidc-client@526

@forgerock/protect

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/protect@526

@forgerock/sdk-types

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-types@526

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-utilities@526

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/iframe-manager@526

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-logger@526

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-oidc@526

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-request-middleware@526

@forgerock/storage

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/storage@526

commit: f173256

[github-actions]

Deployed ee435fc to https://ForgeRock.github.io/ping-javascript-sdk/pr-526/ee435fc28b00359d23ee252985553980964da0cf branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/journey-client - 0.0 KB (-82.5 KB, -100.0%)

📊 Minor Changes

📈 @forgerock/device-client - 9.3 KB (+0.0 KB)
📉 @forgerock/journey-client - 82.5 KB (-0.0 KB)
📉 @forgerock/sdk-types - 7.9 KB (-0.1 KB)
📈 @forgerock/iframe-manager - 2.4 KB (+0.0 KB)

➖ No Changes

➖ @forgerock/oidc-client - 23.5 KB
➖ @forgerock/protect - 150.1 KB
➖ @forgerock/sdk-utilities - 8.5 KB
➖ @forgerock/storage - 1.5 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/sdk-request-middleware - 4.5 KB
➖ @forgerock/sdk-oidc - 2.6 KB
➖ @forgerock/davinci-client - 39.8 KB

---

13 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}

[cerebrl]

Looks good. Just left a single comment.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

packages/device-client/src/lib/device.store.ts (1)

316-345: ⚠️ Potential issue | 🟡 Minor

JSDoc descriptions for profile.update and profile.delete still say "Get profile devices".

Lines 317 and 340 both read Get profile devices, but they document the update and delete methods respectively. The @function tags were correctly updated, but the summary lines were missed.

📝 Proposed fix

      /**
-       * Get profile devices
+       * Update a profile device
        *
        * `@async`
        * `@function` update

      /**
-       * Get profile devices
+       * Delete a profile device
        *
        * `@async`
        * `@function` delete

packages/sdk-effects/iframe-manager/README.md (2)

49-54: ⚠️ Potential issue | 🟡 Minor

API reference incorrectly states internal errors "resolve" — they actually reject.

Lines 51–53 describe timeout, cross-origin, and setup failures as resolving, but the implementation uses reject() for all three (lines 141, 156, and 165 in iframe-manager.effects.ts). Only the error-params case (line 50) truly resolves.

Suggested fix: split the section into "Resolves" (error params) and "Rejects" (internal errors).

Proposed doc fix

- **On Failure**: Resolves with:
-   - `ResolvedParams`: An object containing _all_ parsed query parameters if the final redirect URL contains any key listed in `errorParams`.
-   - An object `{ type: 'internal_error', message: 'iframe timed out' }` if the specified `timeout` is reached before a success or error condition is met.
-   - An object `{ type: 'internal_error', message: 'unexpected failure' }` if there's an error accessing the iframe's content window (most likely due to a cross-origin redirect that wasn't expected or handled).
-   - An object `{ type: 'internal_error', message: 'error setting up iframe' }` if there was an issue creating or configuring the iframe initially.
-   - An `Error` if `successParams` or `errorParams` are missing or empty during setup.
+ **On Error Params**: Resolves with `ResolvedParams` containing _all_ parsed query parameters if the final redirect URL contains any key listed in `errorParams`. The caller must inspect the result for error keys.
+ **On Failure (Rejects)**: Rejects with:
+   - `{ type: 'internal_error', message: 'iframe timed out' }` if the specified `timeout` is reached.
+   - `{ type: 'internal_error', message: 'unexpected failure' }` on cross-origin access errors.
+   - `{ type: 'internal_error', message: 'error setting up iframe' }` on iframe creation failure.
+   - Throws an `Error` synchronously if `successParams` or `errorParams` are missing or empty.

---

89-102: ⚠️ Potential issue | 🟡 Minor

Catch block in example contains dead code for the new error-params flow.

Lines 94–98 check for errorResult.error / errorResult.error_description inside the catch block, but with the new behavior, error params now resolve (handled on lines 79–82 in the try block). This branch is unreachable and will confuse readers about the new contract.

Suggested cleanup

   } catch (errorResult) {
-    // Failure case: Check if it's a known error from the server or an internal error
     if (errorResult && errorResult.type === 'internal_error') {
       // Timeout or iframe access error
       console.error(`Iframe operation failed: ${errorResult.message}`);
-    } else if (errorResult && (errorResult.error || errorResult.error_description)) {
-      // Error reported by the authorization server via errorParams
-      console.error('Silent login failed. Server returned error:', errorResult);
-      // const errorCode = errorResult.error;
-      // const errorDesc = errorResult.error_description;
     } else {
       // Other unexpected error
       console.error('An unexpected error occurred:', errorResult);
     }
   }