npm - @authgear/nextjs - Versions diffs - 0.1.1 - Mend

@authgear/nextjs 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/README.md +307 -0
package/dist/chunk-3KVYAFQJ.js +26 -0
package/dist/chunk-3KVYAFQJ.js.map +1 -0
package/dist/chunk-MJD3XNUK.js +227 -0
package/dist/chunk-MJD3XNUK.js.map +1 -0
package/dist/chunk-UY6NEM2T.js +23 -0
package/dist/chunk-UY6NEM2T.js.map +1 -0
package/dist/client.d.ts +48 -0
package/dist/client.js +119 -0
package/dist/client.js.map +1 -0
package/dist/index.d.ts +34 -0
package/dist/index.js +294 -0
package/dist/index.js.map +1 -0
package/dist/proxy.d.ts +32 -0
package/dist/proxy.js +75 -0
package/dist/proxy.js.map +1 -0
package/dist/server.d.ts +22 -0
package/dist/server.js +100 -0
package/dist/server.js.map +1 -0
package/dist/types-Csfra4K2.d.ts +94 -0
package/package.json +61 -0

package/dist/proxy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/proxy.ts"],"sourcesContent":["import { NextResponse, type NextRequest } from \"next/server\";\nimport type { AuthgearConfig } from \"./types.js\";\nimport { resolveConfig } from \"./config.js\";\nimport { decryptSession, buildSessionCookie } from \"./session/cookie.js\";\nimport { isTokenExpired } from \"./session/state.js\";\nimport { fetchOIDCConfiguration } from \"./oauth/discovery.js\";\nimport { refreshAccessToken } from \"./oauth/token.js\";\n\nexport interface AuthgearProxyOptions extends AuthgearConfig {\n /**\n * Paths that require authentication. Unauthenticated requests are redirected to login.\n * Supports exact paths and prefix patterns ending with `*` (e.g. \"/dashboard/*\").\n */\n protectedPaths?: string[];\n\n /**\n * Paths that are always public (never redirected to login).\n * Takes precedence over protectedPaths.\n * Defaults to [\"/api/auth/*\"].\n */\n publicPaths?: string[];\n\n /**\n * URL to redirect unauthenticated users. Defaults to \"/api/auth/login\".\n */\n loginPath?: string;\n}\n\nfunction matchesPath(pathname: string, patterns: string[]): boolean {\n return patterns.some((pattern) => {\n if (pattern.endsWith(\"*\")) {\n return pathname.startsWith(pattern.slice(0, -1));\n }\n return pathname === pattern;\n });\n}\n\n/**\n * Create a Next.js 16 proxy function for Authgear authentication.\n *\n * Usage in `proxy.ts`:\n * ```ts\n * import { createAuthgearProxy } from \"@authgear/nextjs/proxy\";\n * export const proxy = createAuthgearProxy({ ...config, protectedPaths: [\"/dashboard/*\"] });\n * ```\n */\nexport function createAuthgearProxy(options: AuthgearProxyOptions) {\n const resolved = resolveConfig(options);\n const protectedPaths = options.protectedPaths ?? [];\n const publicPaths = options.publicPaths ?? [\"/api/auth/*\"];\n const loginPath = options.loginPath ?? \"/api/auth/login\";\n\n return async function proxy(request: NextRequest): Promise<NextResponse> {\n const { pathname } = request.nextUrl;\n\n // Always allow public paths\n if (matchesPath(pathname, publicPaths)) {\n return NextResponse.next();\n }\n\n const sessionCookieValue = request.cookies.get(resolved.cookieName)?.value;\n let sessionData = sessionCookieValue\n ? decryptSession(sessionCookieValue, resolved.sessionSecret)\n : null;\n\n // Try to refresh expired token\n if (sessionData && isTokenExpired(sessionData.expiresAt) && sessionData.refreshToken) {\n try {\n const oidcConfig = await fetchOIDCConfiguration(resolved.endpoint);\n const tokenResponse = await refreshAccessToken(oidcConfig, {\n refreshToken: sessionData.refreshToken,\n clientID: resolved.clientID,\n clientSecret: resolved.clientSecret || undefined,\n });\n sessionData = {\n accessToken: tokenResponse.access_token,\n refreshToken: tokenResponse.refresh_token ?? sessionData.refreshToken,\n idToken: tokenResponse.id_token ?? sessionData.idToken,\n expiresAt: Math.floor(Date.now() / 1000) + tokenResponse.expires_in,\n };\n } catch {\n sessionData = null;\n }\n }\n\n // Redirect unauthenticated requests on protected paths\n if (!sessionData && matchesPath(pathname, protectedPaths)) {\n const loginURL = new URL(loginPath, request.nextUrl.origin);\n loginURL.searchParams.set(\"returnTo\", pathname);\n return NextResponse.redirect(loginURL);\n }\n\n const response = NextResponse.next();\n\n // Inject Authorization header for authenticated requests\n if (sessionData) {\n const requestHeaders = new Headers(request.headers);\n requestHeaders.set(\"Authorization\", `Bearer ${sessionData.accessToken}`);\n\n // Update session cookie if token was refreshed\n const newCookie = buildSessionCookie(resolved.cookieName, sessionData, resolved.sessionSecret);\n response.cookies.set(newCookie.name, newCookie.value, {\n httpOnly: newCookie.httpOnly,\n secure: newCookie.secure,\n sameSite: newCookie.sameSite,\n path: newCookie.path,\n maxAge: newCookie.maxAge,\n });\n }\n\n return response;\n };\n}\n"],"mappings":";;;;;;;;;;;AAAA,SAAS,oBAAsC;AA4B/C,SAAS,YAAY,UAAkB,UAA6B;AAClE,SAAO,SAAS,KAAK,CAAC,YAAY;AAChC,QAAI,QAAQ,SAAS,GAAG,GAAG;AACzB,aAAO,SAAS,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,IACjD;AACA,WAAO,aAAa;AAAA,EACtB,CAAC;AACH;AAWO,SAAS,oBAAoB,SAA+B;AACjE,QAAM,WAAW,cAAc,OAAO;AACtC,QAAM,iBAAiB,QAAQ,kBAAkB,CAAC;AAClD,QAAM,cAAc,QAAQ,eAAe,CAAC,aAAa;AACzD,QAAM,YAAY,QAAQ,aAAa;AAEvC,SAAO,eAAe,MAAM,SAA6C;AACvE,UAAM,EAAE,SAAS,IAAI,QAAQ;AAG7B,QAAI,YAAY,UAAU,WAAW,GAAG;AACtC,aAAO,aAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,qBAAqB,QAAQ,QAAQ,IAAI,SAAS,UAAU,GAAG;AACrE,QAAI,cAAc,qBACd,eAAe,oBAAoB,SAAS,aAAa,IACzD;AAGJ,QAAI,eAAe,eAAe,YAAY,SAAS,KAAK,YAAY,cAAc;AACpF,UAAI;AACF,cAAM,aAAa,MAAM,uBAAuB,SAAS,QAAQ;AACjE,cAAM,gBAAgB,MAAM,mBAAmB,YAAY;AAAA,UACzD,cAAc,YAAY;AAAA,UAC1B,UAAU,SAAS;AAAA,UACnB,cAAc,SAAS,gBAAgB;AAAA,QACzC,CAAC;AACD,sBAAc;AAAA,UACZ,aAAa,cAAc;AAAA,UAC3B,cAAc,cAAc,iBAAiB,YAAY;AAAA,UACzD,SAAS,cAAc,YAAY,YAAY;AAAA,UAC/C,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,cAAc;AAAA,QAC3D;AAAA,MACF,QAAQ;AACN,sBAAc;AAAA,MAChB;AAAA,IACF;AAGA,QAAI,CAAC,eAAe,YAAY,UAAU,cAAc,GAAG;AACzD,YAAM,WAAW,IAAI,IAAI,WAAW,QAAQ,QAAQ,MAAM;AAC1D,eAAS,aAAa,IAAI,YAAY,QAAQ;AAC9C,aAAO,aAAa,SAAS,QAAQ;AAAA,IACvC;AAEA,UAAM,WAAW,aAAa,KAAK;AAGnC,QAAI,aAAa;AACf,YAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAClD,qBAAe,IAAI,iBAAiB,UAAU,YAAY,WAAW,EAAE;AAGvE,YAAM,YAAY,mBAAmB,SAAS,YAAY,aAAa,SAAS,aAAa;AAC7F,eAAS,QAAQ,IAAI,UAAU,MAAM,UAAU,OAAO;AAAA,QACpD,UAAU,UAAU;AAAA,QACpB,QAAQ,UAAU;AAAA,QAClB,UAAU,UAAU;AAAA,QACpB,MAAM,UAAU;AAAA,QAChB,QAAQ,UAAU;AAAA,MACpB,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/server.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { A as AuthgearConfig, S as Session, U as UserInfo, J as JWTPayload } from './types-Csfra4K2.js';
+export { P as Page, b as SessionState } from './types-Csfra4K2.js';
+/**
+ * Read the current session in a Server Component or Route Handler.
+ * Automatically refreshes the access token if expired.
+ */
+declare function auth(config: AuthgearConfig): Promise<Session>;
+/**
+ * Get the current user in a Server Component or Route Handler.
+ * Returns null if not authenticated.
+ */
+declare function currentUser(config: AuthgearConfig): Promise<UserInfo | null>;
+/**
+ * Verify a JWT access token (from Authorization: Bearer header).
+ * Useful for protecting API routes.
+ *
+ * @throws {Error} If the token is invalid, expired, or has wrong issuer/audience
+ */
+declare function verifyAccessToken(token: string, config: AuthgearConfig): Promise<JWTPayload>;
+export { JWTPayload, Session, UserInfo, auth, currentUser, verifyAccessToken };

package/dist/server.js ADDED Viewed

@@ -0,0 +1,100 @@
+import {
+  parseUserInfo
+} from "./chunk-3KVYAFQJ.js";
+import {
+  decryptSession,
+  deriveSessionState,
+  fetchOIDCConfiguration,
+  isTokenExpired,
+  refreshAccessToken,
+  resolveConfig
+} from "./chunk-MJD3XNUK.js";
+import {
+  Page,
+  SessionState
+} from "./chunk-UY6NEM2T.js";
+// src/server.ts
+import "server-only";
+import { cookies } from "next/headers";
+// src/jwt/verify.ts
+import { jwtVerify } from "jose";
+// src/jwt/jwks.ts
+import { createRemoteJWKSet } from "jose";
+var jwksSets = /* @__PURE__ */ new Map();
+function getJWKS(oidcConfig) {
+  const uri = oidcConfig.jwks_uri;
+  let jwks = jwksSets.get(uri);
+  if (!jwks) {
+    jwks = createRemoteJWKSet(new URL(uri));
+    jwksSets.set(uri, jwks);
+  }
+  return jwks;
+}
+// src/jwt/verify.ts
+async function verifyJWT(token, oidcConfig, options) {
+  const jwks = getJWKS(oidcConfig);
+  const { payload } = await jwtVerify(token, jwks, {
+    issuer: oidcConfig.issuer,
+    audience: options?.audience,
+    algorithms: ["RS256"]
+  });
+  return payload;
+}
+// src/server.ts
+async function auth(config) {
+  const resolved = resolveConfig(config);
+  const cookieStore = await cookies();
+  const sessionCookieValue = cookieStore.get(resolved.cookieName)?.value;
+  const sessionData = sessionCookieValue ? decryptSession(sessionCookieValue, resolved.sessionSecret) : null;
+  return deriveSessionState(sessionData);
+}
+async function currentUser(config) {
+  const resolved = resolveConfig(config);
+  const cookieStore = await cookies();
+  const sessionCookieValue = cookieStore.get(resolved.cookieName)?.value;
+  if (!sessionCookieValue) return null;
+  let sessionData = decryptSession(sessionCookieValue, resolved.sessionSecret);
+  if (!sessionData) return null;
+  const oidcConfig = await fetchOIDCConfiguration(resolved.endpoint);
+  if (isTokenExpired(sessionData.expiresAt) && sessionData.refreshToken) {
+    try {
+      const tokenResponse = await refreshAccessToken(oidcConfig, {
+        refreshToken: sessionData.refreshToken,
+        clientID: resolved.clientID,
+        clientSecret: resolved.clientSecret || void 0
+      });
+      sessionData = {
+        accessToken: tokenResponse.access_token,
+        refreshToken: tokenResponse.refresh_token ?? sessionData.refreshToken,
+        idToken: tokenResponse.id_token ?? sessionData.idToken,
+        expiresAt: Math.floor(Date.now() / 1e3) + tokenResponse.expires_in
+      };
+    } catch {
+      return null;
+    }
+  }
+  const userinfoRes = await fetch(oidcConfig.userinfo_endpoint, {
+    headers: { Authorization: `Bearer ${sessionData.accessToken}` }
+  });
+  if (!userinfoRes.ok) return null;
+  const raw = await userinfoRes.json();
+  return parseUserInfo(raw);
+}
+async function verifyAccessToken(token, config) {
+  const resolved = resolveConfig(config);
+  const oidcConfig = await fetchOIDCConfiguration(resolved.endpoint);
+  return verifyJWT(token, oidcConfig);
+}
+export {
+  Page,
+  SessionState,
+  auth,
+  currentUser,
+  verifyAccessToken
+};
+//# sourceMappingURL=server.js.map

package/dist/server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/server.ts","../src/jwt/verify.ts","../src/jwt/jwks.ts"],"sourcesContent":["import \"server-only\";\nimport { cookies } from \"next/headers\";\nimport { SessionState, Page, type Session, type UserInfo, type JWTPayload, type AuthgearConfig } from \"./types.js\";\nimport { resolveConfig } from \"./config.js\";\nimport { decryptSession } from \"./session/cookie.js\";\nimport { deriveSessionState, isTokenExpired } from \"./session/state.js\";\nimport { fetchOIDCConfiguration } from \"./oauth/discovery.js\";\nimport { refreshAccessToken } from \"./oauth/token.js\";\n// ROADMAP: import { getAppSessionToken } from \"./oauth/token.js\";\n// ROADMAP: import { buildOpenURL } from \"./oauth/authorize.js\";\nimport { verifyJWT } from \"./jwt/verify.js\";\nimport { parseUserInfo } from \"./user.js\";\n\n/**\n * Read the current session in a Server Component or Route Handler.\n * Automatically refreshes the access token if expired.\n */\nexport async function auth(config: AuthgearConfig): Promise<Session> {\n const resolved = resolveConfig(config);\n const cookieStore = await cookies();\n const sessionCookieValue = cookieStore.get(resolved.cookieName)?.value;\n\n const sessionData = sessionCookieValue\n ? decryptSession(sessionCookieValue, resolved.sessionSecret)\n : null;\n\n return deriveSessionState(sessionData);\n}\n\n/**\n * Get the current user in a Server Component or Route Handler.\n * Returns null if not authenticated.\n */\nexport async function currentUser(config: AuthgearConfig): Promise<UserInfo | null> {\n const resolved = resolveConfig(config);\n const cookieStore = await cookies();\n const sessionCookieValue = cookieStore.get(resolved.cookieName)?.value;\n\n if (!sessionCookieValue) return null;\n\n let sessionData = decryptSession(sessionCookieValue, resolved.sessionSecret);\n if (!sessionData) return null;\n\n const oidcConfig = await fetchOIDCConfiguration(resolved.endpoint);\n\n // Auto-refresh expired token\n if (isTokenExpired(sessionData.expiresAt) && sessionData.refreshToken) {\n try {\n const tokenResponse = await refreshAccessToken(oidcConfig, {\n refreshToken: sessionData.refreshToken,\n clientID: resolved.clientID,\n clientSecret: resolved.clientSecret || undefined,\n });\n sessionData = {\n accessToken: tokenResponse.access_token,\n refreshToken: tokenResponse.refresh_token ?? sessionData.refreshToken,\n idToken: tokenResponse.id_token ?? sessionData.idToken,\n expiresAt: Math.floor(Date.now() / 1000) + tokenResponse.expires_in,\n };\n } catch {\n return null;\n }\n }\n\n const userinfoRes = await fetch(oidcConfig.userinfo_endpoint, {\n headers: { Authorization: `Bearer ${sessionData.accessToken}` },\n });\n\n if (!userinfoRes.ok) return null;\n\n const raw = (await userinfoRes.json()) as Record<string, unknown>;\n return parseUserInfo(raw);\n}\n\n/**\n * Verify a JWT access token (from Authorization: Bearer header).\n * Useful for protecting API routes.\n *\n * @throws {Error} If the token is invalid, expired, or has wrong issuer/audience\n */\nexport async function verifyAccessToken(\n token: string,\n config: AuthgearConfig,\n): Promise<JWTPayload> {\n const resolved = resolveConfig(config);\n const oidcConfig = await fetchOIDCConfiguration(resolved.endpoint);\n return verifyJWT(token, oidcConfig);\n}\n\n// ROADMAP: getOpenURL — open Authgear settings (or any Authgear page) with the\n// current user pre-authenticated via the app_session_token exchange.\n//\n// This requires the Authgear server to grant the client permission to call\n// POST /oauth2/app_session_token (\"full user access\"). Once that server-side\n// configuration is available, uncomment the implementation below and the\n// imports above, then expose it from the example dashboard via a Server Action.\n//\n// export async function getOpenURL(\n// page: Page | string,\n// config: AuthgearConfig,\n// ): Promise<string> {\n// const resolved = resolveConfig(config);\n// const cookieStore = await cookies();\n// const sessionCookieValue = cookieStore.get(resolved.cookieName)?.value;\n// if (!sessionCookieValue) throw new Error(\"Not authenticated\");\n// const sessionData = decryptSession(sessionCookieValue, resolved.sessionSecret);\n// if (!sessionData?.refreshToken) throw new Error(\"No refresh token in session\");\n// const oidcConfig = await fetchOIDCConfiguration(resolved.endpoint);\n// const { app_session_token } = await getAppSessionToken(\n// resolved.endpoint,\n// sessionData.refreshToken,\n// );\n// return buildOpenURL(oidcConfig, {\n// clientID: resolved.clientID,\n// appSessionToken: app_session_token,\n// targetPath: page,\n// });\n// }\n\nexport { SessionState, Page };\nexport type { Session, UserInfo, JWTPayload };\n","import { jwtVerify } from \"jose\";\nimport type { JWTPayload, OIDCConfiguration } from \"../types.js\";\nimport { getJWKS } from \"./jwks.js\";\n\nexport interface VerifyOptions {\n /** Expected audience. If not set, audience is not checked. */\n audience?: string | string[];\n}\n\nexport async function verifyJWT(\n token: string,\n oidcConfig: OIDCConfiguration,\n options?: VerifyOptions,\n): Promise<JWTPayload> {\n const jwks = getJWKS(oidcConfig);\n\n const { payload } = await jwtVerify(token, jwks, {\n issuer: oidcConfig.issuer,\n audience: options?.audience,\n algorithms: [\"RS256\"],\n });\n\n return payload as unknown as JWTPayload;\n}\n","import { createRemoteJWKSet } from \"jose\";\nimport type { OIDCConfiguration } from \"../types.js\";\n\nconst jwksSets = new Map<string, ReturnType<typeof createRemoteJWKSet>>();\n\nexport function getJWKS(oidcConfig: OIDCConfiguration) {\n const uri = oidcConfig.jwks_uri;\n let jwks = jwksSets.get(uri);\n if (!jwks) {\n jwks = createRemoteJWKSet(new URL(uri));\n jwksSets.set(uri, jwks);\n }\n return jwks;\n}\n\n/** Clear cached JWKS (useful for testing) */\nexport function clearJWKSCache(): void {\n jwksSets.clear();\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AAAA,OAAO;AACP,SAAS,eAAe;;;ACDxB,SAAS,iBAAiB;;;ACA1B,SAAS,0BAA0B;AAGnC,IAAM,WAAW,oBAAI,IAAmD;AAEjE,SAAS,QAAQ,YAA+B;AACrD,QAAM,MAAM,WAAW;AACvB,MAAI,OAAO,SAAS,IAAI,GAAG;AAC3B,MAAI,CAAC,MAAM;AACT,WAAO,mBAAmB,IAAI,IAAI,GAAG,CAAC;AACtC,aAAS,IAAI,KAAK,IAAI;AAAA,EACxB;AACA,SAAO;AACT;;;ADJA,eAAsB,UACpB,OACA,YACA,SACqB;AACrB,QAAM,OAAO,QAAQ,UAAU;AAE/B,QAAM,EAAE,QAAQ,IAAI,MAAM,UAAU,OAAO,MAAM;AAAA,IAC/C,QAAQ,WAAW;AAAA,IACnB,UAAU,SAAS;AAAA,IACnB,YAAY,CAAC,OAAO;AAAA,EACtB,CAAC;AAED,SAAO;AACT;;;ADNA,eAAsB,KAAK,QAA0C;AACnE,QAAM,WAAW,cAAc,MAAM;AACrC,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,qBAAqB,YAAY,IAAI,SAAS,UAAU,GAAG;AAEjE,QAAM,cAAc,qBAChB,eAAe,oBAAoB,SAAS,aAAa,IACzD;AAEJ,SAAO,mBAAmB,WAAW;AACvC;AAMA,eAAsB,YAAY,QAAkD;AAClF,QAAM,WAAW,cAAc,MAAM;AACrC,QAAM,cAAc,MAAM,QAAQ;AAClC,QAAM,qBAAqB,YAAY,IAAI,SAAS,UAAU,GAAG;AAEjE,MAAI,CAAC,mBAAoB,QAAO;AAEhC,MAAI,cAAc,eAAe,oBAAoB,SAAS,aAAa;AAC3E,MAAI,CAAC,YAAa,QAAO;AAEzB,QAAM,aAAa,MAAM,uBAAuB,SAAS,QAAQ;AAGjE,MAAI,eAAe,YAAY,SAAS,KAAK,YAAY,cAAc;AACrE,QAAI;AACF,YAAM,gBAAgB,MAAM,mBAAmB,YAAY;AAAA,QACzD,cAAc,YAAY;AAAA,QAC1B,UAAU,SAAS;AAAA,QACnB,cAAc,SAAS,gBAAgB;AAAA,MACzC,CAAC;AACD,oBAAc;AAAA,QACZ,aAAa,cAAc;AAAA,QAC3B,cAAc,cAAc,iBAAiB,YAAY;AAAA,QACzD,SAAS,cAAc,YAAY,YAAY;AAAA,QAC/C,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,cAAc;AAAA,MAC3D;AAAA,IACF,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,cAAc,MAAM,MAAM,WAAW,mBAAmB;AAAA,IAC5D,SAAS,EAAE,eAAe,UAAU,YAAY,WAAW,GAAG;AAAA,EAChE,CAAC;AAED,MAAI,CAAC,YAAY,GAAI,QAAO;AAE5B,QAAM,MAAO,MAAM,YAAY,KAAK;AACpC,SAAO,cAAc,GAAG;AAC1B;AAQA,eAAsB,kBACpB,OACA,QACqB;AACrB,QAAM,WAAW,cAAc,MAAM;AACrC,QAAM,aAAa,MAAM,uBAAuB,SAAS,QAAQ;AACjE,SAAO,UAAU,OAAO,UAAU;AACpC;","names":[]}

package/dist/types-Csfra4K2.d.ts ADDED Viewed

@@ -0,0 +1,94 @@
+interface AuthgearConfig {
+    /** Authgear endpoint, e.g. "https://myapp.authgear.cloud" */
+    endpoint: string;
+    /** OAuth client ID */
+    clientID: string;
+    /** OAuth client secret (for confidential server-side clients) */
+    clientSecret?: string;
+    /** Redirect URI for OAuth callback, e.g. "http://localhost:3000/api/auth/callback" */
+    redirectURI: string;
+    /** Where to redirect after logout */
+    postLogoutRedirectURI?: string;
+    /** OAuth scopes. Defaults to ["openid", "offline_access", "https://authgear.com/scopes/full-userinfo"] */
+    scopes?: string[];
+    /** Secret key for encrypting session cookie (min 32 chars) */
+    sessionSecret: string;
+    /** Session cookie name. Defaults to "authgear.session" */
+    cookieName?: string;
+}
+/**
+ * Pages that can be opened via open().
+ */
+declare enum Page {
+    Settings = "/settings"
+}
+declare const DEFAULT_SCOPES: string[];
+declare enum SessionState {
+    Unknown = "UNKNOWN",
+    NoSession = "NO_SESSION",
+    Authenticated = "AUTHENTICATED"
+}
+interface SessionData {
+    accessToken: string;
+    refreshToken: string | null;
+    idToken: string | null;
+    expiresAt: number;
+}
+interface Session {
+    state: SessionState;
+    accessToken: string | null;
+    refreshToken: string | null;
+    idToken: string | null;
+    expiresAt: number | null;
+    user: UserInfo | null;
+}
+interface UserInfo {
+    sub: string;
+    email?: string;
+    emailVerified?: boolean;
+    phoneNumber?: string;
+    phoneNumberVerified?: boolean;
+    preferredUsername?: string;
+    givenName?: string;
+    familyName?: string;
+    name?: string;
+    picture?: string;
+    roles?: string[];
+    isAnonymous?: boolean;
+    isVerified?: boolean;
+    canReauthenticate?: boolean;
+    customAttributes?: Record<string, unknown>;
+    raw: Record<string, unknown>;
+}
+interface JWTPayload {
+    sub: string;
+    iss: string;
+    aud: string | string[];
+    exp: number;
+    iat: number;
+    jti?: string;
+    client_id?: string;
+    "https://authgear.com/claims/user/is_anonymous"?: boolean;
+    "https://authgear.com/claims/user/is_verified"?: boolean;
+    "https://authgear.com/claims/user/can_reauthenticate"?: boolean;
+    "https://authgear.com/claims/user/roles"?: string[];
+    [key: string]: unknown;
+}
+interface TokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_token?: string;
+    id_token?: string;
+}
+interface OIDCConfiguration {
+    authorization_endpoint: string;
+    token_endpoint: string;
+    userinfo_endpoint: string;
+    revocation_endpoint: string;
+    end_session_endpoint: string;
+    jwks_uri: string;
+    issuer: string;
+}
+export { type AuthgearConfig as A, DEFAULT_SCOPES as D, type JWTPayload as J, type OIDCConfiguration as O, Page as P, type Session as S, type TokenResponse as T, type UserInfo as U, type SessionData as a, SessionState as b };

package/package.json ADDED Viewed

@@ -0,0 +1,61 @@
+{
+  "name": "@authgear/nextjs",
+  "version": "0.1.1",
+  "description": "Authgear SDK for Next.js 16 - OAuth authentication, session management, and JWT verification",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./client": {
+      "types": "./dist/client.d.ts",
+      "import": "./dist/client.js"
+    },
+    "./server": {
+      "types": "./dist/server.d.ts",
+      "import": "./dist/server.js"
+    },
+    "./proxy": {
+      "types": "./dist/proxy.d.ts",
+      "import": "./dist/proxy.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit"
+  },
+  "keywords": [
+    "authgear",
+    "nextjs",
+    "authentication",
+    "oauth",
+    "oidc",
+    "jwt"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "jose": "^6.0.0"
+  },
+  "peerDependencies": {
+    "next": ">=16.0.0",
+    "react": ">=19.0.0",
+    "react-dom": ">=19.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.0",
+    "@types/react": "^19.0.0",
+    "@types/react-dom": "^19.0.0",
+    "next": "^16.0.0",
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.0.0"
+  }
+}