From 9d9b77fc411f8ad2abcd4080ad4fe828c867c469 Mon Sep 17 00:00:00 2001
From: Eiman Eltigani <v-eiman.eltigani@thetradedesk.com>
Date: Thu, 13 Nov 2025 11:39:46 -0700
Subject: [PATCH 1/7] remove unused enableSecureSignals flag and load scripts
 corectly

---
 .../google-secure-signals/client-server/views/index.html   | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/web-integrations/google-secure-signals/client-server/views/index.html b/web-integrations/google-secure-signals/client-server/views/index.html
index fe5ba60..41ab2d0 100644
--- a/web-integrations/google-secure-signals/client-server/views/index.html
+++ b/web-integrations/google-secure-signals/client-server/views/index.html
@@ -57,7 +57,6 @@
           if (eventType === "SdkLoaded") {
             sdk.init({
               baseUrl: "<%- uidBaseUrl %>",
-              enableSecureSignals: true,
             });
           }
         });
@@ -77,9 +76,6 @@
       </div>
       <button id="playButton">Play</button>
       <script type="text/javascript" src="//imasdk.googleapis.com/js/sdkloader/ima3.js"></script>
-      <script async src="<%- secureSignalsSdkUrl %>"></script>
-      <script async src="<%- uidJsSdkUrl %>"></script>
-      <script async src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
       <script type="text/javascript" src="ads.js"></script>
     </div>
     <%- include('intro.html'); -%>
@@ -129,5 +125,8 @@
         <button type="button" class="button" id="logout">Clear <%- identityName %></button>
       </form>
     </div>
+    <script src="<%- uidJsSdkUrl %>"></script>
+    <script src="<%- secureSignalsSdkUrl %>"></script>
+    <script async src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
   </body>
 </html>

From 7e03f214ddfb88df176cf7e917783e31ebdb276d Mon Sep 17 00:00:00 2001
From: Eiman Eltigani <v-eiman.eltigani@thetradedesk.com>
Date: Thu, 13 Nov 2025 12:36:17 -0700
Subject: [PATCH 2/7] update token generation page flow for successful token

---
 .../google-secure-signals/client-server/server.js        | 7 ++++++-
 .../google-secure-signals/client-server/views/index.html | 9 +++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/web-integrations/google-secure-signals/client-server/server.js b/web-integrations/google-secure-signals/client-server/server.js
index b8ddb6b..0d7004e 100644
--- a/web-integrations/google-secure-signals/client-server/server.js
+++ b/web-integrations/google-secure-signals/client-server/server.js
@@ -37,6 +37,7 @@ app.set('view engine', 'html');
 
 app.get('/', (req, res) => {
   res.render('index', {
+    identity: undefined,
     uidBaseUrl,
     uidJsSdkUrl,
     uidJsSdkName,
@@ -133,6 +134,7 @@ app.post('/login', async (req, res) => {
 
     if (response.status === 'optout') {
       res.render('optout', {
+        identity: undefined,
         uidBaseUrl,
         uidJsSdkUrl,
         uidJsSdkName,
@@ -142,6 +144,7 @@ app.post('/login', async (req, res) => {
       });
     } else if (response.status !== 'success') {
       res.render('error', {
+        identity: undefined,
         error: 'Got unexpected token generate status in decrypted response: ' + response.status,
         response,
         identityName,
@@ -149,13 +152,14 @@ app.post('/login', async (req, res) => {
       });
     } else if (typeof response.body !== 'object') {
       res.render('error', {
+        identity: undefined,
         error: 'Unexpected token generate response format in decrypted response: ' + response,
         response,
         identityName,
         docsBaseUrl
       });
     } else {
-      res.render('login', {
+      res.render('index', {
         identity: response.body,
         uidBaseUrl,
         uidJsSdkUrl,
@@ -167,6 +171,7 @@ app.post('/login', async (req, res) => {
     }
   } catch (error) {
     res.render('error', {
+      identity: undefined,
       error,
       response: error.response,
       identityName,
diff --git a/web-integrations/google-secure-signals/client-server/views/index.html b/web-integrations/google-secure-signals/client-server/views/index.html
index 41ab2d0..1e2fe79 100644
--- a/web-integrations/google-secure-signals/client-server/views/index.html
+++ b/web-integrations/google-secure-signals/client-server/views/index.html
@@ -60,6 +60,15 @@
             });
           }
         });
+        sdk.callbacks.push((eventType, payload) => {
+          if (eventType === 'InitCompleted') {
+            <% if (typeof identity !== 'undefined') { %>
+            if (sdk.isLoginRequired()) {
+              sdk.setIdentity(<%- JSON.stringify(identity) %>);
+            }
+            <% } %>
+          }
+        });
         sdk.callbacks.push(onIdentityUpdated);
       });
     </script>

From b7e88170c0ba1f6cc1b5adfa90ac3136cd62222b Mon Sep 17 00:00:00 2001
From: Eiman Eltigani <v-eiman.eltigani@thetradedesk.com>
Date: Thu, 13 Nov 2025 13:21:31 -0700
Subject: [PATCH 3/7] update and simplify flow

---
 .../client-server/server.js                   | 13 ++-
 .../client-server/views/index.html            | 94 ++++++++++++++++---
 .../client-server/views/login.html            | 39 --------
 .../client-server/views/optout.html           | 19 ----
 4 files changed, 90 insertions(+), 75 deletions(-)
 delete mode 100644 web-integrations/google-secure-signals/client-server/views/login.html
 delete mode 100644 web-integrations/google-secure-signals/client-server/views/optout.html

diff --git a/web-integrations/google-secure-signals/client-server/server.js b/web-integrations/google-secure-signals/client-server/server.js
index 0d7004e..6f32122 100644
--- a/web-integrations/google-secure-signals/client-server/server.js
+++ b/web-integrations/google-secure-signals/client-server/server.js
@@ -38,10 +38,12 @@ app.set('view engine', 'html');
 app.get('/', (req, res) => {
   res.render('index', {
     identity: undefined,
+    isOptout: false,
     uidBaseUrl,
     uidJsSdkUrl,
     uidJsSdkName,
     secureSignalsSdkUrl,
+    secureSignalsStorageKey: process.env.UID_SECURE_SIGNALS_STORAGE_KEY,
     identityName,
     docsBaseUrl
   });
@@ -133,18 +135,19 @@ app.post('/login', async (req, res) => {
     const response = decrypt(encryptedResponse.data, uidClientSecret, nonce);
 
     if (response.status === 'optout') {
-      res.render('optout', {
-        identity: undefined,
+      res.render('index', {
+        identity: null,
+        isOptout: true,
         uidBaseUrl,
         uidJsSdkUrl,
         uidJsSdkName,
         secureSignalsSdkUrl,
+        secureSignalsStorageKey: process.env.UID_SECURE_SIGNALS_STORAGE_KEY,
         identityName,
         docsBaseUrl
       });
     } else if (response.status !== 'success') {
       res.render('error', {
-        identity: undefined,
         error: 'Got unexpected token generate status in decrypted response: ' + response.status,
         response,
         identityName,
@@ -152,7 +155,6 @@ app.post('/login', async (req, res) => {
       });
     } else if (typeof response.body !== 'object') {
       res.render('error', {
-        identity: undefined,
         error: 'Unexpected token generate response format in decrypted response: ' + response,
         response,
         identityName,
@@ -161,17 +163,18 @@ app.post('/login', async (req, res) => {
     } else {
       res.render('index', {
         identity: response.body,
+        isOptout: false,
         uidBaseUrl,
         uidJsSdkUrl,
         uidJsSdkName,
         secureSignalsSdkUrl,
+        secureSignalsStorageKey: process.env.UID_SECURE_SIGNALS_STORAGE_KEY,
         identityName,
         docsBaseUrl
       });
     }
   } catch (error) {
     res.render('error', {
-      identity: undefined,
       error,
       response: error.response,
       identityName,
diff --git a/web-integrations/google-secure-signals/client-server/views/index.html b/web-integrations/google-secure-signals/client-server/views/index.html
index 1e2fe79..51ff32e 100644
--- a/web-integrations/google-secure-signals/client-server/views/index.html
+++ b/web-integrations/google-secure-signals/client-server/views/index.html
@@ -7,6 +7,9 @@
     <link rel="stylesheet" type="text/css" href="/stylesheets/style.css" />
     <link rel="shortcut icon" href="/images/favicon.png" />
     <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
+    <script src="<%- uidJsSdkUrl %>"></script>
+    <script src="<%- secureSignalsSdkUrl %>"></script>
+    <script async src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
 
     <script>
       $(document).ready(() => {
@@ -23,16 +26,55 @@
           $("#login_required").html(sdk.isLoginRequired() ? "yes" : "no");
           $("#update_counter").html(callbackCounter);
           $("#identity_state").html(String(JSON.stringify(payload, null, 2)));
+          
+          // Update Secure Signals from localStorage (like client-side does)
+          updateSecureSignals();
 
+          <% if (isOptout) { %>
+          // Opt-out case - always show opt-out form regardless of loginRequired status
+          $("#login_form").hide();
+          $("#logout_form").hide();
+          $("#optout_form").show();
+          $("#optout_banner").show();
+          $('#googleAdContainer').hide();
+          <% } else { %>
+          // Non-opt-out case - check if login is required
           if (sdk.isLoginRequired()) {
             $("#login_form").show();
             $("#logout_form").hide();
+            $("#optout_form").hide();
+            $("#optout_banner").hide();
             $('#googleAdContainer').hide();
           } else {
+            // Success case
             $("#login_form").hide();
             $("#logout_form").show();
+            $("#optout_form").hide();
+            $("#optout_banner").hide();
             $('#googleAdContainer').show();
           }
+          <% } %>
+        }
+        
+        function updateSecureSignals() {
+          try {
+            // Read from localStorage like client-side does
+            const secureSignalsStorageKey = '<%- secureSignalsStorageKey %>';
+            const secureSignalsStorage = localStorage[secureSignalsStorageKey];
+            const secureSignalsStorageJson = secureSignalsStorage && JSON.parse(secureSignalsStorage);
+            
+            if (secureSignalsStorageJson && secureSignalsStorageJson[1]) {
+              $("#secure_signals_loaded").html("yes");
+              $("#secure_signals_value").html(JSON.stringify(secureSignalsStorageJson, null, 2));
+            } else {
+              $("#secure_signals_loaded").html("no");
+              $("#secure_signals_value").html("undefined");
+            }
+          } catch (e) {
+            console.log("Secure signals not yet available", e);
+            $("#secure_signals_loaded").html("no");
+            $("#secure_signals_value").html("undefined");
+          }
         }
 
         function onIdentityUpdated(eventType, payload) {
@@ -42,17 +84,22 @@
           ) {
             ++callbackCounter;
           }
-          updateGuiElements(payload);
+          // Allow time for secure signals to load
+          setTimeout(() => updateGuiElements(payload), 1000);
         }
 
         $("#logout").click(() => {
-          sdk.disconnect();
           window.googletag.secureSignalProviders.clearAllCache();
-          updateGuiElements(undefined);
+          sdk.disconnect();
+          window.location.href = '/';
         });
-        $("#login").click(() => {
+        
+        $("#try_another").click(() => {
           window.googletag.secureSignalProviders.clearAllCache();
+          sdk.disconnect();
+          window.location.href = '/';
         });
+
         sdk.callbacks.push((eventType, payload) => {
           if (eventType === "SdkLoaded") {
             sdk.init({
@@ -60,15 +107,29 @@
             });
           }
         });
+        
         sdk.callbacks.push((eventType, payload) => {
           if (eventType === 'InitCompleted') {
-            <% if (typeof identity !== 'undefined') { %>
+            <% if (identity !== null && typeof identity !== 'undefined') { %>
+            // Server provided an identity, set it
             if (sdk.isLoginRequired()) {
               sdk.setIdentity(<%- JSON.stringify(identity) %>);
+            } else {
+              // Identity already exists, just update GUI
+              updateGuiElements(payload);
             }
+            <% } else if (isOptout) { %>
+            // Opt-out case - set identity to null
+            sdk.setIdentity(null);
+            $("#optout_banner").show();
+            updateGuiElements(payload);
+            <% } else { %>
+            // No identity from server
+            updateGuiElements(payload);
             <% } %>
           }
         });
+        
         sdk.callbacks.push(onIdentityUpdated);
       });
     </script>
@@ -114,7 +175,18 @@
         <td class="label"><%- identityName %> Identity Callback State:</td>
         <td class="value"><pre id="identity_state"></pre></td>
       </tr>
+      <tr>
+        <td class="label">Secure Signals Loaded?</td>
+        <td class="value"><pre id="secure_signals_loaded"></pre></td>
+      </tr>
+      <tr>
+        <td class="label">Secure Signals Value:</td>
+        <td class="value"><pre id="secure_signals_value"></pre></td>
+      </tr>
     </table>
+    <div id="optout_banner" style="display: none; border: 3px solid #ffc107; padding: 15px; margin: 20px 0;">
+      <p style="margin: 0;">The email address you entered has opted out of <%- identityName %>.</p>
+    </div>
     <div id="login_form" style="display: none" class="form">
       <form action="/login" method="POST">
         <div class="email_prompt">
@@ -126,16 +198,14 @@
             style="border-style: none"
           />
         </div>
-        <div><input type="submit" value="Generate <%- identityName %>" class="button" id="login" /></div>
+        <div><input type="submit" value="Generate <%- identityName %>" class="button" /></div>
       </form>
     </div>
     <div id="logout_form" style="display: none" class="form">
-      <form>
-        <button type="button" class="button" id="logout">Clear <%- identityName %></button>
-      </form>
+      <button type="button" class="button" id="logout">Clear <%- identityName %></button>
+    </div>
+    <div id="optout_form" style="display: none" class="form">
+      <button type="button" class="button" id="try_another">Try Another Email</button>
     </div>
-    <script src="<%- uidJsSdkUrl %>"></script>
-    <script src="<%- secureSignalsSdkUrl %>"></script>
-    <script async src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
   </body>
 </html>
diff --git a/web-integrations/google-secure-signals/client-server/views/login.html b/web-integrations/google-secure-signals/client-server/views/login.html
deleted file mode 100644
index 0112178..0000000
--- a/web-integrations/google-secure-signals/client-server/views/login.html
+++ /dev/null
@@ -1,39 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta charset="UTF-8" />
-    <title>Login - Client-Server <%- identityName %> SDK Integration Example with Google Secure Signals</title>
-    <link rel="stylesheet" type="text/css" href="/stylesheets/app.css" />
-    <link rel="shortcut icon" href="/images/favicon.png" />
-    <script async src="<%- secureSignalsSdkUrl %>"></script>
-    <script async src="<%- uidJsSdkUrl %>"></script>
-    <script async src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script>
-
-    <script>
-      const sdkName = '<%- uidJsSdkName %>';
-      let sdk = window[sdkName];
-      sdk = sdk || { callbacks: [] };
-      sdk.callbacks.push((eventType, payload) => {
-        if (eventType === 'SdkLoaded') {
-          sdk.init({
-            baseUrl: "<%- uidBaseUrl %>",
-          });
-        }
-        if (eventType === 'InitCompleted') {
-          if (sdk.isLoginRequired()) sdk.setIdentity(<%- JSON.stringify(identity) %>)
-        }
-      });
-    </script>
-  </head>
-  <body>
-    <%- include('intro.html'); -%>
-    <p class="message">Generate <%- identityName %> completed</p>
-    <p><%- identityName %> identity:</p>
-    <pre><%- JSON.stringify(identity, null, 2) %></pre>
-    <p><a href="/">Back to the main page</a></p>
-    <p>
-      Normally user would be redirected automatically, but this example demonstrates one way <%- identityName %>
-      generation could be handled.
-    </p>
-  </body>
-</html>
diff --git a/web-integrations/google-secure-signals/client-server/views/optout.html b/web-integrations/google-secure-signals/client-server/views/optout.html
deleted file mode 100644
index b6957e4..0000000
--- a/web-integrations/google-secure-signals/client-server/views/optout.html
+++ /dev/null
@@ -1,19 +0,0 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta charset="UTF-8" />
-    <title>Opted Out - Client-Server <%- identityName %> SDK Integration Example with Google Secure Signals</title>
-    <link rel="stylesheet" type="text/css" href="/stylesheets/app.css" />
-    <link rel="shortcut icon" href="/images/favicon.png" />
-  </head>
-  <body>
-    <%- include('intro.html'); -%>
-    <p class="message">This email has opted out</p>
-    <p>
-      The email address you entered has opted out of <%- identityName %>. No <%- identityName %> token can be generated for this
-      email.
-    </p>
-    <p><a href="/">Back to the main page</a></p>
-  </body>
-</html>
-

From 118255e184f423e39a72427b7b16931f3c68d5d3 Mon Sep 17 00:00:00 2001
From: Eiman Eltigani <v-eiman.eltigani@thetradedesk.com>
Date: Thu, 13 Nov 2025 13:43:38 -0700
Subject: [PATCH 4/7] display video under page title/intro

---
 .../client-server/views/index.html                 | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/web-integrations/google-secure-signals/client-server/views/index.html b/web-integrations/google-secure-signals/client-server/views/index.html
index 51ff32e..2db9f47 100644
--- a/web-integrations/google-secure-signals/client-server/views/index.html
+++ b/web-integrations/google-secure-signals/client-server/views/index.html
@@ -84,7 +84,7 @@
           ) {
             ++callbackCounter;
           }
-          // Allow time for secure signals to load
+          // Allow secure signals time to load
           setTimeout(() => updateGuiElements(payload), 1000);
         }
 
@@ -135,6 +135,12 @@
     </script>
   </head>
   <body>
+    <%- include('intro.html'); -%>
+    <p>
+      <strong>Note:</strong> This is a <em>test-only</em> integration environment—not for production
+      use. It does not perform real user authentication or generate production-level tokens. Do not
+      use real user data on this page.
+    </p>
     <div id="googleAdContainer" style="display: none">
       <div id="mainContainer">
         <div id="content">
@@ -148,12 +154,6 @@
       <script type="text/javascript" src="//imasdk.googleapis.com/js/sdkloader/ima3.js"></script>
       <script type="text/javascript" src="ads.js"></script>
     </div>
-    <%- include('intro.html'); -%>
-    <p>
-      <strong>Note:</strong> This is a <em>test-only</em> integration environment—not for production
-      use. It does not perform real user authentication or generate production-level tokens. Do not
-      use real user data on this page.
-    </p>
     <table id="uid2_state">
       <tr>
         <td class="label">Ready for Targeted Advertising:</td>

From ab117b0a9005814dd489b65b916f1802ed8e27bf Mon Sep 17 00:00:00 2001
From: Eiman Eltigani <v-eiman.eltigani@thetradedesk.com>
Date: Thu, 13 Nov 2025 13:51:01 -0700
Subject: [PATCH 5/7] clean up comments regarding index.html functionality

---
 .../google-secure-signals/client-server/views/index.html | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/web-integrations/google-secure-signals/client-server/views/index.html b/web-integrations/google-secure-signals/client-server/views/index.html
index 2db9f47..799dff8 100644
--- a/web-integrations/google-secure-signals/client-server/views/index.html
+++ b/web-integrations/google-secure-signals/client-server/views/index.html
@@ -27,18 +27,17 @@
           $("#update_counter").html(callbackCounter);
           $("#identity_state").html(String(JSON.stringify(payload, null, 2)));
           
-          // Update Secure Signals from localStorage (like client-side does)
+          // Update Secure Signals values displayed in the GUI
           updateSecureSignals();
 
           <% if (isOptout) { %>
-          // Opt-out case - always show opt-out form regardless of loginRequired status
           $("#login_form").hide();
           $("#logout_form").hide();
           $("#optout_form").show();
           $("#optout_banner").show();
           $('#googleAdContainer').hide();
           <% } else { %>
-          // Non-opt-out case - check if login is required
+          // before token generation, show login form
           if (sdk.isLoginRequired()) {
             $("#login_form").show();
             $("#logout_form").hide();
@@ -46,7 +45,7 @@
             $("#optout_banner").hide();
             $('#googleAdContainer').hide();
           } else {
-            // Success case
+            // Success case - token generated, show logout form
             $("#login_form").hide();
             $("#logout_form").show();
             $("#optout_form").hide();
@@ -58,7 +57,7 @@
         
         function updateSecureSignals() {
           try {
-            // Read from localStorage like client-side does
+            // Read from localStorage 
             const secureSignalsStorageKey = '<%- secureSignalsStorageKey %>';
             const secureSignalsStorage = localStorage[secureSignalsStorageKey];
             const secureSignalsStorageJson = secureSignalsStorage && JSON.parse(secureSignalsStorage);

From b53f38216114dadb15fb3f15f8e5d907791de496 Mon Sep 17 00:00:00 2001
From: Eiman Eltigani <v-eiman.eltigani@thetradedesk.com>
Date: Thu, 13 Nov 2025 15:22:49 -0700
Subject: [PATCH 6/7] add contiion to reload in case google secure signals
 didnt get the chance

---
 .../google-secure-signals/client-server/views/index.html | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/web-integrations/google-secure-signals/client-server/views/index.html b/web-integrations/google-secure-signals/client-server/views/index.html
index 799dff8..3217509 100644
--- a/web-integrations/google-secure-signals/client-server/views/index.html
+++ b/web-integrations/google-secure-signals/client-server/views/index.html
@@ -60,6 +60,15 @@
             // Read from localStorage 
             const secureSignalsStorageKey = '<%- secureSignalsStorageKey %>';
             const secureSignalsStorage = localStorage[secureSignalsStorageKey];
+            const token = sdk.getAdvertisingToken();
+            
+            // Safety net: If token exists but Secure Signals haven't loaded yet, reload the page
+            if (token && !secureSignalsStorage) {
+              console.log("Token exists but Secure Signals not loaded yet, reloading page...");
+              location.reload();
+              return;
+            }
+            
             const secureSignalsStorageJson = secureSignalsStorage && JSON.parse(secureSignalsStorage);
             
             if (secureSignalsStorageJson && secureSignalsStorageJson[1]) {

From c87045d1be84adbb9b6c6c9a3247a72af5662f8d Mon Sep 17 00:00:00 2001
From: Eiman Eltigani <v-eiman.eltigani@thetradedesk.com>
Date: Fri, 14 Nov 2025 12:08:15 -0700
Subject: [PATCH 7/7] remove manual sdk updates for optout which should be
 automatic

---
 .../client-server/views/index.html                  | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/web-integrations/google-secure-signals/client-server/views/index.html b/web-integrations/google-secure-signals/client-server/views/index.html
index 3217509..307e43f 100644
--- a/web-integrations/google-secure-signals/client-server/views/index.html
+++ b/web-integrations/google-secure-signals/client-server/views/index.html
@@ -63,7 +63,7 @@
             const token = sdk.getAdvertisingToken();
             
             // Safety net: If token exists but Secure Signals haven't loaded yet, reload the page
-            if (token && !secureSignalsStorage) {
+            if (token && !secureSignalsStorage && !<%= isOptout %>) {
               console.log("Token exists but Secure Signals not loaded yet, reloading page...");
               location.reload();
               return;
@@ -126,14 +126,13 @@
               // Identity already exists, just update GUI
               updateGuiElements(payload);
             }
-            <% } else if (isOptout) { %>
-            // Opt-out case - set identity to null
-            sdk.setIdentity(null);
-            $("#optout_banner").show();
-            updateGuiElements(payload);
             <% } else { %>
-            // No identity from server
+            // No identity from server (including opt-out case)
+            // SDK will naturally remain in "login required" state
             updateGuiElements(payload);
+            <% if (isOptout) { %>
+            $("#optout_banner").show();
+            <% } %>
             <% } %>
           }
         });