npm - @chemmangat/msal-next - Versions diffs - 3.0.3 → 3.0.5 - Mend

@chemmangat/msal-next 3.0.3 → 3.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1,2 +1,934 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { Configuration, LogLevel, IPublicClientApplication, PublicClientApplication, AccountInfo } from '@azure/msal-browser';
+export { AccountInfo } from '@azure/msal-browser';
+import { ReactNode, CSSProperties, Component, ErrorInfo, ComponentType } from 'react';
+import { NextRequest, NextResponse } from 'next/server';
+export { useAccount, useIsAuthenticated, useMsal } from '@azure/msal-react';
-export {  }
+/**
+ * Custom token claims interface for TypeScript generics
+ * Extend this interface to add your custom claims
+ *
+ * @example
+ * ```tsx
+ * interface MyCustomClaims extends CustomTokenClaims {
+ *   roles: string[];
+ *   department: string;
+ * }
+ *
+ * const claims = account.idTokenClaims as MyCustomClaims;
+ * ```
+ */
+interface CustomTokenClaims {
+    [key: string]: any;
+}
+interface MsalAuthConfig {
+    /**
+     * Azure AD Application (client) ID
+     */
+    clientId: string;
+    /**
+     * Azure AD Directory (tenant) ID (optional for multi-tenant)
+     */
+    tenantId?: string;
+    /**
+     * Authority type: 'common' for multi-tenant, 'organizations', 'consumers', or 'tenant' for single-tenant
+     * @default 'common'
+     */
+    authorityType?: 'common' | 'organizations' | 'consumers' | 'tenant';
+    /**
+     * Redirect URI after authentication
+     * @default window.location.origin
+     */
+    redirectUri?: string;
+    /**
+     * Post logout redirect URI
+     * @default redirectUri
+     */
+    postLogoutRedirectUri?: string;
+    /**
+     * Default scopes for authentication
+     * @default ['User.Read']
+     */
+    scopes?: string[];
+    /**
+     * Cache location: 'sessionStorage', 'localStorage', or 'memoryStorage'
+     * @default 'sessionStorage'
+     */
+    cacheLocation?: 'sessionStorage' | 'localStorage' | 'memoryStorage';
+    /**
+     * Store auth state in cookie (for IE11/Edge legacy)
+     * @default false
+     */
+    storeAuthStateInCookie?: boolean;
+    /**
+     * Navigate to login request URL after authentication
+     * @default true
+     */
+    navigateToLoginRequestUrl?: boolean;
+    /**
+     * Custom MSAL configuration (overrides all other options)
+     */
+    msalConfig?: Configuration;
+    /**
+     * Enable debug logging
+     * @default false
+     */
+    enableLogging?: boolean;
+    /**
+     * Custom logger callback
+     */
+    loggerCallback?: (level: LogLevel, message: string, containsPii: boolean) => void;
+    /**
+     * Allowed redirect URIs for validation (optional but recommended)
+     * Helps prevent open redirect vulnerabilities
+     * @example ['https://myapp.com', 'http://localhost:3000']
+     */
+    allowedRedirectUris?: string[];
+    /**
+     * Loading component to show while MSAL initializes
+     */
+    loadingComponent?: ReactNode;
+    /**
+     * Callback invoked after MSAL initialization completes successfully
+     */
+    onInitialized?: (instance: IPublicClientApplication) => void;
+}
+interface MsalAuthProviderProps extends MsalAuthConfig {
+    children: ReactNode;
+}
+/**
+ * Get the current MSAL instance
+ * @returns The MSAL instance or null if not initialized
+ */
+declare function getMsalInstance(): PublicClientApplication | null;
+declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
+/**
+ * Pre-configured MSALProvider component for Next.js App Router layouts.
+ * This component is already marked as 'use client', so you can use it directly
+ * in your server-side layout.tsx without needing to create a separate client component.
+ *
+ * @example
+ * ```tsx
+ * // app/layout.tsx
+ * import { MSALProvider } from '@chemmangat/msal-next'
+ *
+ * export default function RootLayout({ children }) {
+ *   return (
+ *     <html lang="en">
+ *       <body>
+ *         <MSALProvider
+ *           clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
+ *           tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+ *         >
+ *           {children}
+ *         </MSALProvider>
+ *       </body>
+ *     </html>
+ *   )
+ * }
+ * ```
+ */
+declare function MSALProvider({ children, ...props }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
+interface MicrosoftSignInButtonProps {
+    /**
+     * Button text
+     * @default 'Sign in with Microsoft'
+     */
+    text?: string;
+    /**
+     * Button variant
+     * @default 'dark'
+     */
+    variant?: 'dark' | 'light';
+    /**
+     * Button size
+     * @default 'medium'
+     */
+    size?: 'small' | 'medium' | 'large';
+    /**
+     * Use redirect flow instead of popup
+     * @default false
+     */
+    useRedirect?: boolean;
+    /**
+     * Scopes to request
+     */
+    scopes?: string[];
+    /**
+     * Custom className
+     */
+    className?: string;
+    /**
+     * Custom styles
+     */
+    style?: CSSProperties;
+    /**
+     * Callback on successful login
+     */
+    onSuccess?: () => void;
+    /**
+     * Callback on error
+     */
+    onError?: (error: Error) => void;
+}
+declare function MicrosoftSignInButton({ text, variant, size, useRedirect, scopes, className, style, onSuccess, onError, }: MicrosoftSignInButtonProps): react_jsx_runtime.JSX.Element;
+interface SignOutButtonProps {
+    /**
+     * Button text
+     * @default 'Sign out'
+     */
+    text?: string;
+    /**
+     * Button variant
+     * @default 'dark'
+     */
+    variant?: 'dark' | 'light';
+    /**
+     * Button size
+     * @default 'medium'
+     */
+    size?: 'small' | 'medium' | 'large';
+    /**
+     * Use redirect flow instead of popup
+     * @default false
+     */
+    useRedirect?: boolean;
+    /**
+     * Custom className
+     */
+    className?: string;
+    /**
+     * Custom styles
+     */
+    style?: CSSProperties;
+    /**
+     * Callback on successful logout
+     */
+    onSuccess?: () => void;
+    /**
+     * Callback on error
+     */
+    onError?: (error: Error) => void;
+}
+/**
+ * SignOutButton component with Microsoft branding
+ *
+ * @example
+ * ```tsx
+ * <SignOutButton variant="light" />
+ * ```
+ */
+declare function SignOutButton({ text, variant, size, useRedirect, className, style, onSuccess, onError, }: SignOutButtonProps): react_jsx_runtime.JSX.Element;
+interface UserAvatarProps {
+    /**
+     * Avatar size in pixels
+     * @default 40
+     */
+    size?: number;
+    /**
+     * Custom className
+     */
+    className?: string;
+    /**
+     * Custom styles
+     */
+    style?: CSSProperties;
+    /**
+     * Show user name tooltip on hover
+     * @default true
+     */
+    showTooltip?: boolean;
+    /**
+     * Fallback image URL if MS Graph photo fails
+     */
+    fallbackImage?: string;
+}
+/**
+ * UserAvatar component that displays user photo from MS Graph with fallback initials
+ *
+ * @example
+ * ```tsx
+ * <UserAvatar size={48} />
+ * ```
+ */
+declare function UserAvatar({ size, className, style, showTooltip, fallbackImage, }: UserAvatarProps): react_jsx_runtime.JSX.Element;
+interface AuthStatusProps {
+    /**
+     * Custom className
+     */
+    className?: string;
+    /**
+     * Custom styles
+     */
+    style?: CSSProperties;
+    /**
+     * Show detailed status (includes username)
+     * @default false
+     */
+    showDetails?: boolean;
+    /**
+     * Custom render function for loading state
+     */
+    renderLoading?: () => ReactNode;
+    /**
+     * Custom render function for authenticated state
+     */
+    renderAuthenticated?: (username: string) => ReactNode;
+    /**
+     * Custom render function for unauthenticated state
+     */
+    renderUnauthenticated?: () => ReactNode;
+}
+/**
+ * AuthStatus component that shows current authentication state
+ *
+ * @example
+ * ```tsx
+ * <AuthStatus showDetails />
+ * ```
+ */
+declare function AuthStatus({ className, style, showDetails, renderLoading, renderAuthenticated, renderUnauthenticated, }: AuthStatusProps): react_jsx_runtime.JSX.Element;
+interface AuthGuardProps {
+    /**
+     * Content to render when authenticated
+     */
+    children: ReactNode;
+    /**
+     * Component to show while checking authentication
+     */
+    loadingComponent?: ReactNode;
+    /**
+     * Component to show when not authenticated (before redirect)
+     */
+    fallbackComponent?: ReactNode;
+    /**
+     * Use redirect flow instead of popup
+     * @default true
+     */
+    useRedirect?: boolean;
+    /**
+     * Scopes to request during authentication
+     */
+    scopes?: string[];
+    /**
+     * Callback when authentication is required
+     */
+    onAuthRequired?: () => void;
+}
+/**
+ * AuthGuard component that protects content and auto-redirects to login
+ *
+ * @example
+ * ```tsx
+ * <AuthGuard>
+ *   <ProtectedContent />
+ * </AuthGuard>
+ * ```
+ */
+declare function AuthGuard({ children, loadingComponent, fallbackComponent, useRedirect, scopes, onAuthRequired, }: AuthGuardProps): react_jsx_runtime.JSX.Element;
+interface ErrorBoundaryProps {
+    /**
+     * Content to render when no error
+     */
+    children: ReactNode;
+    /**
+     * Custom error fallback component
+     */
+    fallback?: (error: Error, reset: () => void) => ReactNode;
+    /**
+     * Callback when error occurs
+     */
+    onError?: (error: Error, errorInfo: ErrorInfo) => void;
+    /**
+     * Enable debug logging
+     * @default false
+     */
+    debug?: boolean;
+}
+interface ErrorBoundaryState {
+    hasError: boolean;
+    error: Error | null;
+}
+/**
+ * Error boundary for catching authentication errors
+ *
+ * @example
+ * ```tsx
+ * <ErrorBoundary>
+ *   <MsalAuthProvider clientId="...">
+ *     <App />
+ *   </MsalAuthProvider>
+ * </ErrorBoundary>
+ * ```
+ */
+declare class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryState> {
+    constructor(props: ErrorBoundaryProps);
+    static getDerivedStateFromError(error: Error): ErrorBoundaryState;
+    componentDidCatch(error: Error, errorInfo: ErrorInfo): void;
+    reset: () => void;
+    render(): ReactNode;
+}
+interface UseMsalAuthReturn {
+    /**
+     * Current authenticated account
+     */
+    account: AccountInfo | null;
+    /**
+     * All accounts in the cache
+     */
+    accounts: AccountInfo[];
+    /**
+     * Whether user is authenticated
+     */
+    isAuthenticated: boolean;
+    /**
+     * Whether MSAL is currently performing an interaction
+     */
+    inProgress: boolean;
+    /**
+     * Login using popup
+     */
+    loginPopup: (scopes?: string[]) => Promise<void>;
+    /**
+     * Login using redirect
+     */
+    loginRedirect: (scopes?: string[]) => Promise<void>;
+    /**
+     * Logout using popup
+     */
+    logoutPopup: () => Promise<void>;
+    /**
+     * Logout using redirect
+     */
+    logoutRedirect: () => Promise<void>;
+    /**
+     * Acquire access token silently (with fallback to popup)
+     */
+    acquireToken: (scopes: string[]) => Promise<string>;
+    /**
+     * Acquire access token silently only (no fallback)
+     */
+    acquireTokenSilent: (scopes: string[]) => Promise<string>;
+    /**
+     * Acquire access token using popup
+     */
+    acquireTokenPopup: (scopes: string[]) => Promise<string>;
+    /**
+     * Acquire access token using redirect
+     */
+    acquireTokenRedirect: (scopes: string[]) => Promise<void>;
+    /**
+     * Clear MSAL session without triggering Microsoft logout
+     */
+    clearSession: () => Promise<void>;
+}
+declare function useMsalAuth(defaultScopes?: string[]): UseMsalAuthReturn;
+interface GraphApiOptions extends RequestInit {
+    /**
+     * Scopes required for the API call
+     * @default ['User.Read']
+     */
+    scopes?: string[];
+    /**
+     * API version
+     * @default 'v1.0'
+     */
+    version?: 'v1.0' | 'beta';
+    /**
+     * Enable debug logging
+     * @default false
+     */
+    debug?: boolean;
+}
+interface UseGraphApiReturn {
+    /**
+     * Make a GET request to MS Graph API
+     */
+    get: <T = any>(endpoint: string, options?: GraphApiOptions) => Promise<T>;
+    /**
+     * Make a POST request to MS Graph API
+     */
+    post: <T = any>(endpoint: string, body?: any, options?: GraphApiOptions) => Promise<T>;
+    /**
+     * Make a PUT request to MS Graph API
+     */
+    put: <T = any>(endpoint: string, body?: any, options?: GraphApiOptions) => Promise<T>;
+    /**
+     * Make a PATCH request to MS Graph API
+     */
+    patch: <T = any>(endpoint: string, body?: any, options?: GraphApiOptions) => Promise<T>;
+    /**
+     * Make a DELETE request to MS Graph API
+     */
+    delete: <T = any>(endpoint: string, options?: GraphApiOptions) => Promise<T>;
+    /**
+     * Make a custom request to MS Graph API
+     */
+    request: <T = any>(endpoint: string, options?: GraphApiOptions) => Promise<T>;
+}
+/**
+ * Hook for making authenticated requests to MS Graph API
+ *
+ * @example
+ * ```tsx
+ * const graph = useGraphApi();
+ * const user = await graph.get('/me');
+ * ```
+ */
+declare function useGraphApi(): UseGraphApiReturn;
+interface UserProfile {
+    id: string;
+    displayName: string;
+    givenName: string;
+    surname: string;
+    userPrincipalName: string;
+    mail: string;
+    jobTitle?: string;
+    officeLocation?: string;
+    mobilePhone?: string;
+    businessPhones?: string[];
+    photo?: string;
+}
+interface UseUserProfileReturn {
+    /**
+     * User profile data
+     */
+    profile: UserProfile | null;
+    /**
+     * Whether profile is loading
+     */
+    loading: boolean;
+    /**
+     * Error if profile fetch failed
+     */
+    error: Error | null;
+    /**
+     * Refetch user profile
+     */
+    refetch: () => Promise<void>;
+    /**
+     * Clear cached profile
+     */
+    clearCache: () => void;
+}
+/**
+ * Hook for fetching and caching user profile from MS Graph
+ *
+ * @example
+ * ```tsx
+ * const { profile, loading } = useUserProfile();
+ * ```
+ */
+declare function useUserProfile(): UseUserProfileReturn;
+interface UseRolesReturn {
+    /**
+     * User's Azure AD roles
+     */
+    roles: string[];
+    /**
+     * User's Azure AD groups
+     */
+    groups: string[];
+    /**
+     * Whether roles/groups are loading
+     */
+    loading: boolean;
+    /**
+     * Error if fetch failed
+     */
+    error: Error | null;
+    /**
+     * Check if user has a specific role
+     */
+    hasRole: (role: string) => boolean;
+    /**
+     * Check if user is in a specific group
+     */
+    hasGroup: (groupId: string) => boolean;
+    /**
+     * Check if user has any of the specified roles
+     */
+    hasAnyRole: (roles: string[]) => boolean;
+    /**
+     * Check if user has all of the specified roles
+     */
+    hasAllRoles: (roles: string[]) => boolean;
+    /**
+     * Refetch roles and groups
+     */
+    refetch: () => Promise<void>;
+}
+/**
+ * Hook for fetching user's Azure AD roles and groups
+ *
+ * @example
+ * ```tsx
+ * const { roles, hasRole } = useRoles();
+ * if (hasRole('Admin')) {
+ *   // Show admin content
+ * }
+ * ```
+ */
+declare function useRoles(): UseRolesReturn;
+declare function createMsalConfig(config: MsalAuthConfig): Configuration;
+interface WithAuthOptions extends Omit<AuthGuardProps, 'children'> {
+    /**
+     * Display name for the wrapped component (for debugging)
+     */
+    displayName?: string;
+}
+/**
+ * Higher-order component for protecting pages/components
+ *
+ * @example
+ * ```tsx
+ * const ProtectedPage = withAuth(MyPage);
+ *
+ * // With options
+ * const ProtectedPage = withAuth(MyPage, {
+ *   useRedirect: true,
+ *   scopes: ['User.Read', 'Mail.Read']
+ * });
+ * ```
+ */
+declare function withAuth<P extends object>(Component: ComponentType<P>, options?: WithAuthOptions): ComponentType<P>;
+/**
+ * Retry configuration for token acquisition
+ */
+interface RetryConfig {
+    /**
+     * Maximum number of retry attempts
+     * @default 3
+     */
+    maxRetries?: number;
+    /**
+     * Initial delay in milliseconds
+     * @default 1000
+     */
+    initialDelay?: number;
+    /**
+     * Maximum delay in milliseconds
+     * @default 10000
+     */
+    maxDelay?: number;
+    /**
+     * Backoff multiplier
+     * @default 2
+     */
+    backoffMultiplier?: number;
+    /**
+     * Enable debug logging
+     * @default false
+     */
+    debug?: boolean;
+}
+/**
+ * Exponential backoff retry utility for token acquisition
+ *
+ * @example
+ * ```tsx
+ * const token = await retryWithBackoff(
+ *   () => acquireTokenSilent(scopes),
+ *   { maxRetries: 3, debug: true }
+ * );
+ * ```
+ */
+declare function retryWithBackoff<T>(fn: () => Promise<T>, config?: RetryConfig): Promise<T>;
+/**
+ * Create a retry wrapper for a function
+ *
+ * @example
+ * ```tsx
+ * const acquireTokenWithRetry = createRetryWrapper(acquireToken, {
+ *   maxRetries: 3,
+ *   debug: true
+ * });
+ *
+ * const token = await acquireTokenWithRetry(scopes);
+ * ```
+ */
+declare function createRetryWrapper<TArgs extends any[], TReturn>(fn: (...args: TArgs) => Promise<TReturn>, config?: RetryConfig): (...args: TArgs) => Promise<TReturn>;
+/**
+ * Debug logger configuration
+ */
+interface DebugLoggerConfig {
+    /**
+     * Enable debug mode
+     * @default false
+     */
+    enabled?: boolean;
+    /**
+     * Prefix for log messages
+     * @default '[MSAL-Next]'
+     */
+    prefix?: string;
+    /**
+     * Show timestamps
+     * @default true
+     */
+    showTimestamp?: boolean;
+    /**
+     * Log level
+     * @default 'info'
+     */
+    level?: 'error' | 'warn' | 'info' | 'debug';
+    /**
+     * Enable performance tracking
+     * @default false
+     */
+    enablePerformance?: boolean;
+    /**
+     * Enable network request logging
+     * @default false
+     */
+    enableNetworkLogs?: boolean;
+    /**
+     * Maximum log history size
+     * @default 100
+     */
+    maxHistorySize?: number;
+}
+/**
+ * Log entry for history tracking
+ */
+interface LogEntry {
+    timestamp: number;
+    level: string;
+    message: string;
+    data?: any;
+}
+/**
+ * Performance timing entry
+ */
+interface PerformanceTiming {
+    operation: string;
+    startTime: number;
+    endTime?: number;
+    duration?: number;
+}
+declare class DebugLogger {
+    private config;
+    private logHistory;
+    private performanceTimings;
+    constructor(config?: DebugLoggerConfig);
+    private shouldLog;
+    private formatMessage;
+    private addToHistory;
+    error(message: string, data?: any): void;
+    warn(message: string, data?: any): void;
+    info(message: string, data?: any): void;
+    debug(message: string, data?: any): void;
+    group(label: string): void;
+    groupEnd(): void;
+    /**
+     * Start performance timing for an operation
+     */
+    startTiming(operation: string): void;
+    /**
+     * End performance timing for an operation
+     */
+    endTiming(operation: string): number | undefined;
+    /**
+     * Log network request
+     */
+    logRequest(method: string, url: string, options?: any): void;
+    /**
+     * Log network response
+     */
+    logResponse(method: string, url: string, status: number, data?: any): void;
+    /**
+     * Get log history
+     */
+    getHistory(): LogEntry[];
+    /**
+     * Get performance timings
+     */
+    getPerformanceTimings(): PerformanceTiming[];
+    /**
+     * Clear log history
+     */
+    clearHistory(): void;
+    /**
+     * Clear performance timings
+     */
+    clearTimings(): void;
+    /**
+     * Export logs as JSON
+     */
+    exportLogs(): string;
+    /**
+     * Download logs as a file
+     */
+    downloadLogs(filename?: string): void;
+    setEnabled(enabled: boolean): void;
+    setLevel(level: DebugLoggerConfig['level']): void;
+}
+/**
+ * Get or create the global debug logger
+ *
+ * @example
+ * ```tsx
+ * const logger = getDebugLogger({
+ *   enabled: true,
+ *   level: 'debug',
+ *   enablePerformance: true,
+ *   enableNetworkLogs: true
+ * });
+ *
+ * logger.startTiming('token-acquisition');
+ * // ... do work
+ * logger.endTiming('token-acquisition');
+ *
+ * logger.logRequest('GET', '/me');
+ * logger.info('User logged in', { username: 'user@example.com' });
+ *
+ * // Export logs for debugging
+ * logger.downloadLogs();
+ * ```
+ */
+declare function getDebugLogger(config?: DebugLoggerConfig): DebugLogger;
+/**
+ * Create a scoped logger with a custom prefix
+ *
+ * @example
+ * ```tsx
+ * const logger = createScopedLogger('GraphAPI', {
+ *   enabled: true,
+ *   enableNetworkLogs: true
+ * });
+ * logger.info('Fetching user profile');
+ * ```
+ */
+declare function createScopedLogger(scope: string, config?: DebugLoggerConfig): DebugLogger;
+/**
+ * Security utilities for input validation and sanitization
+ */
+/**
+ * Validate account data structure from cookie
+ */
+interface ValidatedAccountData {
+    homeAccountId: string;
+    username: string;
+    name?: string;
+}
+/**
+ * Safely parse and validate JSON from untrusted sources
+ */
+declare function safeJsonParse<T>(jsonString: string, validator: (data: any) => data is T): T | null;
+/**
+ * Validate account data structure
+ */
+declare function isValidAccountData(data: any): data is ValidatedAccountData;
+/**
+ * Sanitize error messages to prevent information disclosure
+ */
+declare function sanitizeError(error: unknown): string;
+/**
+ * Validate redirect URI to prevent open redirect vulnerabilities
+ */
+declare function isValidRedirectUri(uri: string, allowedOrigins: string[]): boolean;
+/**
+ * Validate scope strings to prevent injection
+ */
+declare function isValidScope(scope: string): boolean;
+/**
+ * Validate array of scopes
+ */
+declare function validateScopes(scopes: string[]): boolean;
+interface AuthMiddlewareConfig {
+    /**
+     * Routes that require authentication
+     * @example ['/dashboard', '/profile', '/api/protected']
+     */
+    protectedRoutes?: string[];
+    /**
+     * Routes that should be accessible only when NOT authenticated
+     * @example ['/login', '/signup']
+     */
+    publicOnlyRoutes?: string[];
+    /**
+     * Login page path
+     * @default '/login'
+     */
+    loginPath?: string;
+    /**
+     * Redirect path after login
+     * @default '/'
+     */
+    redirectAfterLogin?: string;
+    /**
+     * Cookie name for session
+     * @default 'msal.account'
+     */
+    sessionCookie?: string;
+    /**
+     * Custom authentication check function
+     */
+    isAuthenticated?: (request: NextRequest) => boolean | Promise<boolean>;
+    /**
+     * Enable debug logging
+     * @default false
+     */
+    debug?: boolean;
+}
+/**
+ * Creates authentication middleware for Next.js App Router
+ *
+ * @example
+ * ```tsx
+ * // middleware.ts
+ * import { createAuthMiddleware } from '@chemmangat/msal-next';
+ *
+ * export const middleware = createAuthMiddleware({
+ *   protectedRoutes: ['/dashboard', '/profile'],
+ *   publicOnlyRoutes: ['/login'],
+ *   loginPath: '/login',
+ * });
+ *
+ * export const config = {
+ *   matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
+ * };
+ * ```
+ */
+declare function createAuthMiddleware(config?: AuthMiddlewareConfig): (request: NextRequest) => Promise<NextResponse<unknown>>;
+interface ServerSession {
+    /**
+     * Whether user is authenticated
+     */
+    isAuthenticated: boolean;
+    /**
+     * User's account ID from MSAL cache
+     */
+    accountId?: string;
+    /**
+     * User's username/email
+     */
+    username?: string;
+    /**
+     * Access token (if available in cookie)
+     * @deprecated Storing tokens in cookies is not recommended for security reasons
+     */
+    accessToken?: string;
+}
+export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };