npm - @civic/auth - Versions diffs - 0.0.1-beta.0 → 0.0.1-beta.1 - Mend

@civic/auth 0.0.1-beta.0 → 0.0.1-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md +10 -10
package/dist/index-DFVNodC9.d.mts +66 -0
package/dist/index-DFVNodC9.d.ts +66 -0
package/dist/index.css +5 -5
package/dist/index.css.map +1 -1
package/dist/index.d.mts +2 -2
package/dist/index.d.ts +2 -2
package/dist/nextjs.d.mts +235 -4
package/dist/nextjs.d.ts +235 -4
package/dist/nextjs.js +848 -42
package/dist/nextjs.js.map +1 -1
package/dist/nextjs.mjs +832 -43
package/dist/nextjs.mjs.map +1 -1
package/dist/react.d.mts +71 -19
package/dist/react.d.ts +71 -19
package/dist/react.js +599 -300
package/dist/react.js.map +1 -1
package/dist/react.mjs +588 -293
package/dist/react.mjs.map +1 -1
package/package.json +22 -18
package/dist/index-yT0eVchS.d.mts +0 -52
package/dist/index-yT0eVchS.d.ts +0 -52

package/dist/react.mjs CHANGED Viewed

@@ -52,7 +52,7 @@ var __async = (__this, __arguments, generator) => {
 };
 // src/react/hooks/useUser.tsx
-import { useContext as useContext3 } from "react";
+import { useContext as useContext4 } from "react";
 // src/react/providers/UserProvider.tsx
 import { createContext } from "react";
@@ -79,25 +79,24 @@ var useToken = () => {
 };
 // src/react/providers/UserProvider.tsx
-import { parseJWT } from "oslo/jwt";
 import { jsx } from "react/jsx-runtime";
 var UserContext = createContext(null);
 var UserProvider = ({
-  children
+  children,
+  userInfoService
 }) => {
   const { isLoading: authLoading, error: authError } = useAuth();
   const session = useSession();
   const { forwardedTokens, idToken, accessToken, refreshToken } = useToken();
-  const { isAuthenticated, signIn, signOut } = useAuth();
+  const { signIn, signOut } = useAuth();
   const fetchUser = () => __async(void 0, null, function* () {
-    if (!(session == null ? void 0 : session.idToken)) {
+    if (!accessToken || !userInfoService) {
       return null;
     }
-    const parsedJWT = parseJWT(session.idToken);
-    if (!parsedJWT) {
+    const user2 = yield userInfoService == null ? void 0 : userInfoService.getUserInfo(accessToken, idToken);
+    if (!user2) {
       return null;
     }
-    const user2 = parsedJWT.payload;
     return __spreadProps(__spreadValues({}, user2), {
       forwardedTokens,
       idToken,
@@ -108,12 +107,11 @@ var UserProvider = ({
   const {
     data: user,
     isLoading: userLoading,
-    error: userError,
-    refetch
+    error: userError
   } = useQuery({
-    queryKey: ["user", session == null ? void 0 : session.accessToken],
+    queryKey: ["user", session == null ? void 0 : session.idToken],
     queryFn: fetchUser,
-    enabled: !!(session == null ? void 0 : session.accessToken)
+    enabled: !!(session == null ? void 0 : session.idToken)
     // Only run the query if we have an access token
   });
   const isLoading = authLoading || userLoading;
@@ -122,11 +120,9 @@ var UserProvider = ({
     UserContext.Provider,
     {
       value: {
-        user,
+        user: user != null ? user : null,
         isLoading,
         error,
-        refetch,
-        isAuthenticated,
         signIn,
         signOut
       },
@@ -138,27 +134,41 @@ var UserProvider = ({
 // src/react/providers/TokenProvider.tsx
 import { createContext as createContext2, useMemo } from "react";
 import { useMutation, useQueryClient } from "@tanstack/react-query";
-import { parseJWT as parseJWT2 } from "oslo/jwt";
+import { parseJWT } from "oslo/jwt";
+// src/lib/jwt.ts
+var convertForwardedTokenFormat = (inputTokens) => Object.fromEntries(
+  Object.entries(inputTokens).map(([source, tokens]) => [
+    source,
+    {
+      idToken: tokens == null ? void 0 : tokens.id_token,
+      accessToken: tokens == null ? void 0 : tokens.access_token,
+      refreshToken: tokens == null ? void 0 : tokens.refresh_token
+    }
+  ])
+);
+// src/react/providers/TokenProvider.tsx
 import { jsx as jsx2 } from "react/jsx-runtime";
 var TokenContext = createContext2(void 0);
 var TokenProvider = ({ children }) => {
   const { isLoading, error: authError } = useAuth();
   const session = useSession();
-  const queryClient2 = useQueryClient();
+  const queryClient3 = useQueryClient();
   const refreshTokenMutation = useMutation({
     mutationFn: () => __async(void 0, null, function* () {
       throw new Error("Method not implemented.");
     }),
     onSuccess: () => {
-      queryClient2.invalidateQueries({ queryKey: ["session"] });
+      queryClient3.invalidateQueries({ queryKey: ["session"] });
     }
   });
   const decodeTokens = useMemo(() => {
     if (!(session == null ? void 0 : session.idToken)) return null;
-    const parsedJWT = parseJWT2(session.idToken);
+    const parsedJWT = parseJWT(session.idToken);
     if (!parsedJWT) return null;
     const { forwardedTokens } = parsedJWT.payload;
-    return forwardedTokens;
+    return forwardedTokens ? convertForwardedTokenFormat(forwardedTokens) : null;
   }, [session == null ? void 0 : session.idToken]);
   const value = useMemo(
     () => ({
@@ -182,35 +192,39 @@ var TokenProvider = ({ children }) => {
   return /* @__PURE__ */ jsx2(TokenContext.Provider, { value, children });
 };
-// src/react/providers/AuthProvider.tsx
+// src/shared/AuthProvider.tsx
 import {
-  createContext as createContext5,
+  createContext as createContext4,
   useState as useState3,
   useEffect as useEffect3,
   useMemo as useMemo2,
-  useCallback as useCallback2
+  useCallback as useCallback3,
+  useRef as useRef2
 } from "react";
 import { useQuery as useQuery2, useMutation as useMutation2, useQueryClient as useQueryClient2 } from "@tanstack/react-query";
 // src/services/UserInfoService.ts
+import { parseJWT as parseJWT2 } from "oslo/jwt";
 var UserInfoServiceImpl = class {
   constructor(endpoints) {
     this.endpoints = endpoints;
   }
-  getUserInfo(accessToken) {
+  extractUserFromIdToken(idToken) {
+    const parsedJWT = parseJWT2(idToken);
+    if (!parsedJWT) {
+      return null;
+    }
+    return parsedJWT.payload;
+  }
+  getUserInfo(accessToken, idToken) {
     return __async(this, null, function* () {
-      return {
-        id: "user123",
-        name: "John Doe",
-        email: "john@example.com",
-        picture: "https://example.com/john.jpg",
-        given_name: "John",
-        family_name: "Doe",
-        created_at: /* @__PURE__ */ new Date(),
-        updated_at: /* @__PURE__ */ new Date(),
-        country: "US",
-        accessToken
-      };
+      if (idToken) {
+        return this.extractUserFromIdToken(idToken);
+      }
+      const userInfo = yield fetch(this.endpoints.userinfo, {
+        headers: { Authorization: `Bearer ${accessToken}` }
+      });
+      return userInfo.json();
     });
   }
 };
@@ -244,13 +258,14 @@ var generateState = (displayMode) => {
     uuid: uuid(),
     displayMode
   });
-  return Buffer.from(jsonString).toString("base64");
+  return btoa(jsonString);
 };
 var displayModeFromState = (state, sessionDisplayMode) => {
   try {
-    const jsonString = Buffer.from(state, "base64").toString();
+    const jsonString = btoa(state);
     return JSON.parse(jsonString).displayMode;
-  } catch (_e) {
+  } catch (e) {
+    console.error("Failed to parse displayMode from state:", e);
     return sessionDisplayMode;
   }
 };
@@ -283,44 +298,49 @@ var AuthSessionServiceImpl = class {
     this.clientId = clientId;
     this.redirectUrl = redirectUrl;
     this.oauthServer = oauthServer;
+    this.inputEndpoints = inputEndpoints;
     this.codeVerifier = void 0;
-    this.state = void 0;
-    this.codeVerifier = generateCodeVerifier();
-    this._endpoints = inputEndpoints;
+    this.refreshTokenTimeout = null;
+    this.codeVerifier = this.getCodeVerifier();
+    this.endpoints = inputEndpoints;
+  }
+  getCodeVerifier() {
+    return generateCodeVerifier();
   }
   getUserInfoService() {
     return __async(this, null, function* () {
-      if (this._userInfoService) {
-        return this._userInfoService;
+      if (this.userInfoService) {
+        return this.userInfoService;
       }
       const endpoints = yield this.getEndpoints();
-      this._userInfoService = new UserInfoServiceImpl(endpoints);
-      return this._userInfoService;
+      this.userInfoService = new UserInfoServiceImpl(endpoints);
+      return this.userInfoService;
     });
   }
   getEndpoints() {
     return __async(this, null, function* () {
-      if (this._endpoints) {
-        return this._endpoints;
+      var _a;
+      if ((_a = this.endpoints) == null ? void 0 : _a.auth) {
+        return this.endpoints;
       }
-      this._endpoints = yield getOauthEndpoints(this.oauthServer);
-      return this._endpoints;
+      const jwksEndpoints = yield getOauthEndpoints(this.oauthServer);
+      return this.endpoints ? __spreadValues(__spreadValues({}, this.endpoints), jwksEndpoints) : jwksEndpoints;
     });
   }
   getOauth2Client() {
     return __async(this, null, function* () {
-      if (this._oauth2Client) {
-        return this._oauth2Client;
+      if (this.oauth2Client) {
+        return this.oauth2Client;
       }
       const endpoints = yield this.getEndpoints();
-      this._oauth2Client = new OAuth2Client(
+      this.oauth2Client = new OAuth2Client(
         this.clientId,
         endpoints.auth,
         endpoints.token,
         // this
         { redirectURI: this.redirectUrl }
       );
-      return this._oauth2Client;
+      return this.oauth2Client;
     });
   }
   getSessionData() {
@@ -334,25 +354,58 @@ var AuthSessionServiceImpl = class {
       JSON.stringify(__spreadValues({}, data))
     );
   }
-  getAuthorizationUrl(scopes, displayMode, nonce) {
+  getUser() {
+    return JSON.parse(
+      localStorage.getItem(`civic-auth:${this.clientId}:user`) || "{}"
+    );
+  }
+  setUser(data) {
+    localStorage.setItem(
+      `civic-auth:${this.clientId}:user`,
+      JSON.stringify(data === null ? {} : data)
+    );
+  }
+  clearSessionData() {
+    localStorage.setItem(`civic-auth:${this.clientId}`, JSON.stringify({}));
+  }
+  getAuthorizationUrlWithChallenge(state, scopes) {
     return __async(this, null, function* () {
-      const state = generateState(displayMode);
-      this.state = state;
-      const existingSessionData = this.getSessionData();
-      this.updateSessionData(__spreadProps(__spreadValues({}, existingSessionData), {
-        codeVerifier: this.codeVerifier,
-        displayMode
-      }));
+      var _a;
       const oauth2Client = yield this.getOauth2Client();
+      if ((_a = this.endpoints) == null ? void 0 : _a.challenge) {
+        const challenge = yield fetch(this.endpoints.challenge).then(
+          (res) => res.json().then((data) => data.challenge)
+        );
+        const oAuthUrl2 = yield oauth2Client.createAuthorizationURL({
+          state,
+          scopes
+        });
+        oAuthUrl2.searchParams.append("code_challenge", challenge);
+        oAuthUrl2.searchParams.append("code_challenge_method", "S256");
+        return oAuthUrl2;
+      }
       const oAuthUrl = yield oauth2Client.createAuthorizationURL({
         state,
         codeVerifier: this.codeVerifier,
         codeChallengeMethod: "S256",
         scopes
       });
+      return oAuthUrl;
+    });
+  }
+  getAuthorizationUrl(scopes, displayMode, nonce) {
+    return __async(this, null, function* () {
+      const state = generateState(displayMode);
+      const existingSessionData = this.getSessionData();
+      this.updateSessionData(__spreadProps(__spreadValues({}, existingSessionData), {
+        codeVerifier: this.codeVerifier,
+        displayMode
+      }));
+      const oAuthUrl = yield this.getAuthorizationUrlWithChallenge(state, scopes);
       if (nonce) {
         oAuthUrl.searchParams.append("nonce", nonce);
       }
+      oAuthUrl.searchParams.append("prompt", "consent");
       return oAuthUrl.toString();
     });
   }
@@ -402,7 +455,7 @@ var AuthSessionServiceImpl = class {
         if (!authorizationCode || !returnedState) {
           throw new Error("Invalid authorization response");
         }
-        const codeVerifier = this.getSessionData().codeVerifier;
+        const codeVerifier = session.codeVerifier;
         const oauth2Client = yield this.getOauth2Client();
         const tokens = yield oauth2Client.validateAuthorizationCode(
           authorizationCode,
@@ -429,10 +482,14 @@ var AuthSessionServiceImpl = class {
           state: returnedState,
           accessToken: tokens.access_token,
           refreshToken: tokens.refresh_token,
+          timestamp: Date.now(),
           expiresIn: tokens.expires_in
         });
         this.updateSessionData(session);
+        const user = yield (yield this.getUserInfoService()).getUserInfo(tokens.access_token, tokens.id_token || null);
+        this.setUser(user);
       }
+      this.setupTokenRefresh(session);
       if (session.displayMode === "new_tab") {
         window.close();
       } else if (session.displayMode === "redirect") {
@@ -440,6 +497,24 @@ var AuthSessionServiceImpl = class {
       return session;
     });
   }
+  setupTokenRefresh(session) {
+    if (this.refreshTokenTimeout) {
+      clearTimeout(this.refreshTokenTimeout);
+    }
+    if (session.expiresIn) {
+      const elapsedTime = Date.now() - (session.timestamp || 0);
+      const remainingTime = session.expiresIn * 1e3 - elapsedTime;
+      const refreshTime = Math.max(0, remainingTime - 6e4);
+      this.refreshTokenTimeout = setTimeout(() => {
+        this.refreshToken().then((newSession) => {
+          console.log("Token refreshed successfully", newSession);
+        }).catch((error) => {
+          console.error("Failed to refresh token:", error);
+          this.updateSessionData({});
+        });
+      }, refreshTime);
+    }
+  }
   refreshToken() {
     return __async(this, null, function* () {
       const sessionData = this.getSessionData();
@@ -455,9 +530,11 @@ var AuthSessionServiceImpl = class {
         authenticated: true,
         accessToken: tokens.access_token,
         refreshToken: tokens.refresh_token,
+        timestamp: Date.now(),
         expiresIn: tokens.expires_in
       });
       this.updateSessionData(session);
+      this.setupTokenRefresh(session);
       return session;
     });
   }
@@ -468,7 +545,10 @@ var AuthSessionServiceImpl = class {
         throw new Error("No access token available");
       }
       const userInfoService = yield this.getUserInfoService();
-      return userInfoService.getUserInfo(sessionData.accessToken);
+      return userInfoService.getUserInfo(
+        sessionData.accessToken,
+        sessionData.idToken || null
+      );
     });
   }
   /**
@@ -497,10 +577,7 @@ var AuthSessionServiceImpl = class {
       );
       returnPayload.accessToken = accessTokenResponse.payload;
       if (tokens.refresh_token) {
-        const refreshResponse = yield jose.jwtVerify(tokens.refresh_token, JWKS, {
-          issuer: getIssuerVariations(this.oauthServer)
-        });
-        returnPayload.refreshToken = refreshResponse.payload;
+        returnPayload.refreshToken = tokens.refresh_token;
       }
       return returnPayload;
     });
@@ -523,7 +600,9 @@ var AuthSessionServiceImpl = class {
         return sessionData;
       } catch (error) {
         console.warn("Failed to validate existing tokens", error);
-        const unAuthenticatedSession = __spreadProps(__spreadValues({}, sessionData), { authenticated: false });
+        const unAuthenticatedSession = {
+          authenticated: false
+        };
         this.updateSessionData(unAuthenticatedSession);
         return unAuthenticatedSession;
       }
@@ -531,11 +610,40 @@ var AuthSessionServiceImpl = class {
   }
 };
+// src/constants.ts
+var DEFAULT_SCOPES = [
+  "openid",
+  "profile",
+  "email",
+  "forwardedTokens",
+  "offline_access"
+];
+var IFRAME_ID = "civic-auth-iframe";
 // src/react/components/CivicAuthIframe.tsx
+import { forwardRef } from "react";
+import { jsx as jsx3 } from "react/jsx-runtime";
+var CivicAuthIframe = forwardRef(
+  ({ authUrl, onLoad }, ref) => {
+    return /* @__PURE__ */ jsx3(
+      "iframe",
+      {
+        id: IFRAME_ID,
+        ref,
+        src: authUrl,
+        className: "h-96 w-80 border-none",
+        onLoad
+      }
+    );
+  }
+);
+CivicAuthIframe.displayName = "CivicAuthIframe";
+// src/react/components/CivicAuthIframeModal.tsx
 import { useCallback, useEffect, useRef, useState } from "react";
 // src/react/components/LoadingIcon.tsx
-import { jsx as jsx3, jsxs } from "react/jsx-runtime";
+import { jsx as jsx4, jsxs } from "react/jsx-runtime";
 var LoadingIcon = () => /* @__PURE__ */ jsxs("div", { role: "status", children: [
   /* @__PURE__ */ jsxs(
     "svg",
@@ -546,14 +654,14 @@ var LoadingIcon = () => /* @__PURE__ */ jsxs("div", { role: "status", children:
       fill: "none",
       xmlns: "http://www.w3.org/2000/svg",
       children: [
-        /* @__PURE__ */ jsx3(
+        /* @__PURE__ */ jsx4(
           "path",
           {
             d: "M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z",
             fill: "currentColor"
           }
         ),
-        /* @__PURE__ */ jsx3(
+        /* @__PURE__ */ jsx4(
           "path",
           {
             d: "M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z",
@@ -563,11 +671,11 @@ var LoadingIcon = () => /* @__PURE__ */ jsxs("div", { role: "status", children:
       ]
     }
   ),
-  /* @__PURE__ */ jsx3("span", { className: "sr-only", children: "Loading..." })
+  /* @__PURE__ */ jsx4("span", { className: "sr-only", children: "Loading..." })
 ] });
-// src/react/components/CivicAuthIframe.tsx
-import { jsx as jsx4, jsxs as jsxs2 } from "react/jsx-runtime";
+// src/react/components/CloseIcon.tsx
+import { jsx as jsx5, jsxs as jsxs2 } from "react/jsx-runtime";
 var CloseIcon = () => /* @__PURE__ */ jsxs2(
   "svg",
   {
@@ -582,19 +690,23 @@ var CloseIcon = () => /* @__PURE__ */ jsxs2(
     strokeLinejoin: "round",
     className: "lucide lucide-x",
     children: [
-      /* @__PURE__ */ jsx4("path", { d: "M18 6 6 18" }),
-      /* @__PURE__ */ jsx4("path", { d: "m6 6 12 12" })
+      /* @__PURE__ */ jsx5("path", { d: "M18 6 6 18" }),
+      /* @__PURE__ */ jsx5("path", { d: "m6 6 12 12" })
     ]
   }
 );
-var IFRAME_ID = "civic-auth-iframe";
-var CivicAuthIframe = ({
+// src/react/components/CivicAuthIframeModal.tsx
+import { jsx as jsx6, jsxs as jsxs3 } from "react/jsx-runtime";
+var CivicAuthIframeModal = ({
   authUrl,
   redirectUri,
   setAuthResponseUrl,
-  onClose
+  onClose,
+  iframeRef,
+  redirectInProgress = false,
+  closeOnRedirect = true
 }) => {
-  const iframeRef = useRef(null);
   const [isLoading, setIsLoading] = useState(true);
   const processIframeUrl = useCallback(() => {
     if (iframeRef.current && iframeRef.current.contentWindow) {
@@ -602,6 +714,7 @@ var CivicAuthIframe = ({
         const iframeUrl = iframeRef.current.contentWindow.location.href;
         if (iframeUrl.startsWith(redirectUri)) {
           setAuthResponseUrl(iframeUrl);
+          if (closeOnRedirect) onClose();
           return true;
         }
       } catch (e) {
@@ -609,14 +722,17 @@ var CivicAuthIframe = ({
       }
     }
     return false;
-  }, [redirectUri, setAuthResponseUrl]);
+  }, [closeOnRedirect, iframeRef, onClose, redirectUri, setAuthResponseUrl]);
   const intervalId = useRef();
-  useEffect(() => {
-    const handleEscape = (event) => {
+  const handleEscape = useCallback(
+    (event) => {
       if (event.key === "Escape") {
         onClose();
       }
-    };
+    },
+    [onClose]
+  );
+  useEffect(() => {
     window.addEventListener("keydown", handleEscape);
     return () => window.removeEventListener("keydown", handleEscape);
   });
@@ -627,33 +743,31 @@ var CivicAuthIframe = ({
       clearInterval(intervalId.current);
     }
   };
-  return /* @__PURE__ */ jsx4(
+  return /* @__PURE__ */ jsx6(
     "div",
     {
-      className: "absolute left-0 top-0 z-[9999] flex h-screen w-screen items-center justify-center bg-neutral-950 bg-opacity-50",
+      className: "absolute left-0 top-0 z-50 flex h-screen w-screen items-center justify-center bg-neutral-950 bg-opacity-50",
       onClick: onClose,
-      children: /* @__PURE__ */ jsxs2(
+      children: /* @__PURE__ */ jsxs3(
         "div",
         {
           className: "relative rounded-3xl bg-white p-6 shadow-lg",
           onClick: (e) => e.stopPropagation(),
           children: [
-            /* @__PURE__ */ jsx4(
+            /* @__PURE__ */ jsx6(
               "button",
               {
                 className: "absolute right-4 top-4 flex cursor-pointer items-center justify-center border-none bg-transparent p-1 text-neutral-400",
                 onClick: onClose,
-                children: /* @__PURE__ */ jsx4(CloseIcon, {})
+                children: /* @__PURE__ */ jsx6(CloseIcon, {})
               }
             ),
-            isLoading && /* @__PURE__ */ jsx4("div", { className: "absolute inset-0 flex items-center justify-center rounded-3xl bg-neutral-100", children: /* @__PURE__ */ jsx4(LoadingIcon, {}) }),
-            /* @__PURE__ */ jsx4(
-              "iframe",
+            (isLoading || redirectInProgress) && /* @__PURE__ */ jsx6("div", { className: "absolute inset-0 flex items-center justify-center rounded-3xl bg-neutral-100", children: /* @__PURE__ */ jsx6(LoadingIcon, {}) }),
+            /* @__PURE__ */ jsx6(
+              CivicAuthIframe,
               {
-                id: IFRAME_ID,
                 ref: iframeRef,
-                src: authUrl,
-                className: "h-48 w-80 border-none",
+                authUrl,
                 onLoad: handleIframeLoad
               }
             )
@@ -665,9 +779,9 @@ var CivicAuthIframe = ({
 };
 // src/react/components/UserButton.tsx
-import { useEffect as useEffect2, useState as useState2 } from "react";
-import { jsx as jsx5, jsxs as jsxs3 } from "react/jsx-runtime";
-var ChevronDown = () => /* @__PURE__ */ jsx5(
+import { useCallback as useCallback2, useEffect as useEffect2, useState as useState2 } from "react";
+import { jsx as jsx7, jsxs as jsxs4 } from "react/jsx-runtime";
+var ChevronDown = () => /* @__PURE__ */ jsx7(
   "svg",
   {
     xmlns: "http://www.w3.org/2000/svg",
@@ -680,10 +794,10 @@ var ChevronDown = () => /* @__PURE__ */ jsx5(
     strokeLinecap: "round",
     strokeLinejoin: "round",
     className: "lucide lucide-chevron-down",
-    children: /* @__PURE__ */ jsx5("path", { d: "m6 9 6 6 6-6" })
+    children: /* @__PURE__ */ jsx7("path", { d: "m6 9 6 6 6-6" })
   }
 );
-var ChevronUp = () => /* @__PURE__ */ jsx5(
+var ChevronUp = () => /* @__PURE__ */ jsx7(
   "svg",
   {
     xmlns: "http://www.w3.org/2000/svg",
@@ -696,7 +810,7 @@ var ChevronUp = () => /* @__PURE__ */ jsx5(
     strokeLinecap: "round",
     strokeLinejoin: "round",
     className: "lucide lucide-chevron-up",
-    children: /* @__PURE__ */ jsx5("path", { d: "m18 15-6-6-6 6" })
+    children: /* @__PURE__ */ jsx7("path", { d: "m18 15-6-6-6 6" })
   }
 );
 var UserButton = ({
@@ -706,41 +820,38 @@ var UserButton = ({
   const [isOpen, setIsOpen] = useState2(false);
   const { signIn, isAuthenticated, signOut } = useAuth();
   const { user } = useUser();
+  const handleClickOutside = useCallback2((event) => {
+    const target = event.target;
+    if (!target.closest("#civic-dropdown-container")) {
+      setIsOpen(false);
+    }
+  }, []);
+  const handleSignOut = useCallback2(() => __async(void 0, null, function* () {
+    yield signOut();
+    setIsOpen(false);
+  }), [signOut]);
+  const handleSignIn = useCallback2(() => __async(void 0, null, function* () {
+    yield signIn(displayMode);
+    setIsOpen(false);
+  }), [signIn, displayMode]);
+  const handleEscape = useCallback2((event) => {
+    if (event.key === "Escape") {
+      setIsOpen(false);
+    }
+  }, []);
   useEffect2(() => {
-    const handleEscape = (event) => {
-      if (event.key === "Escape") {
-        setIsOpen(false);
-      }
-    };
     if (isOpen) {
+      window.addEventListener("click", handleClickOutside);
       window.addEventListener("keydown", handleEscape);
     }
     return () => {
+      window.removeEventListener("click", handleClickOutside);
       window.removeEventListener("keydown", handleEscape);
     };
-  }, [isOpen]);
-  useEffect2(() => {
-    const handleClick = (event) => {
-      const target = event.target;
-      if (!target.closest("#civic-dropdown-container")) {
-        setIsOpen(false);
-      }
-    };
-    if (isOpen) {
-      window.addEventListener("click", handleClick);
-    }
-    return () => {
-      window.removeEventListener("click", handleClick);
-    };
-  }, [isOpen]);
-  useEffect2(() => {
-    if (!isAuthenticated) {
-      setIsOpen(false);
-    }
-  }, [isAuthenticated]);
+  }, [handleClickOutside, handleEscape, isOpen]);
   if (isAuthenticated) {
-    return /* @__PURE__ */ jsxs3("div", { className: "relative", id: "civic-dropdown-container", children: [
-      /* @__PURE__ */ jsxs3(
+    return /* @__PURE__ */ jsxs4("div", { className: "relative", id: "civic-dropdown-container", children: [
+      /* @__PURE__ */ jsxs4(
         "button",
         {
           className: cn(
@@ -749,28 +860,28 @@ var UserButton = ({
           ),
           onClick: () => setIsOpen((isOpen2) => !isOpen2),
           children: [
-            (user == null ? void 0 : user.picture) ? /* @__PURE__ */ jsx5("span", { className: "relative flex h-10 w-10 shrink-0 gap-2 overflow-hidden rounded-full", children: /* @__PURE__ */ jsx5(
+            (user == null ? void 0 : user.picture) ? /* @__PURE__ */ jsx7("span", { className: "relative flex h-10 w-10 shrink-0 gap-2 overflow-hidden rounded-full", children: /* @__PURE__ */ jsx7(
               "img",
               {
                 className: "h-full w-full object-cover",
                 src: user.picture,
                 alt: (user == null ? void 0 : user.name) || (user == null ? void 0 : user.email)
               }
-            ) }) : /* @__PURE__ */ jsx5("div", {}),
-            /* @__PURE__ */ jsx5("span", { children: (user == null ? void 0 : user.name) || (user == null ? void 0 : user.email) }),
-            isOpen ? /* @__PURE__ */ jsx5(ChevronUp, {}) : /* @__PURE__ */ jsx5(ChevronDown, {})
+            ) }) : /* @__PURE__ */ jsx7("div", {}),
+            /* @__PURE__ */ jsx7("span", { children: (user == null ? void 0 : user.name) || (user == null ? void 0 : user.email) }),
+            isOpen ? /* @__PURE__ */ jsx7(ChevronUp, {}) : /* @__PURE__ */ jsx7(ChevronDown, {})
           ]
         }
       ),
-      /* @__PURE__ */ jsx5(
+      /* @__PURE__ */ jsx7(
         "div",
         {
           className: isOpen ? "absolute right-0 mt-2 w-full rounded-lg bg-white py-2 text-neutral-500 shadow-xl" : "hidden",
-          children: /* @__PURE__ */ jsx5("ul", { children: /* @__PURE__ */ jsx5("li", { children: /* @__PURE__ */ jsx5(
+          children: /* @__PURE__ */ jsx7("ul", { children: /* @__PURE__ */ jsx7("li", { children: /* @__PURE__ */ jsx7(
             "button",
             {
               className: "block w-full px-4 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
-              onClick: () => signOut(),
+              onClick: handleSignOut,
               children: "Logout"
             }
           ) }) })
@@ -778,53 +889,186 @@ var UserButton = ({
       )
     ] });
   }
-  return /* @__PURE__ */ jsx5(
+  return /* @__PURE__ */ jsx7(
     "button",
     {
       className: cn(
         "rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
         className
       ),
-      onClick: () => signIn(displayMode),
+      onClick: handleSignIn,
       children: "Sign in"
     }
   );
 };
-// src/react/providers/ParamsProvider.tsx
-import { createContext as createContext3 } from "react";
-import { jsx as jsx6 } from "react/jsx-runtime";
-var ParamsContext = createContext3(null);
-var ParamsProvider = ({
-  children,
-  clientId,
-  redirectUrl,
-  config,
-  nonce
+// src/react/components/SignInButton.tsx
+import { jsx as jsx8 } from "react/jsx-runtime";
+var SignInButton = ({
+  displayMode,
+  className
 }) => {
-  const value = {
-    clientId,
-    redirectUrl,
-    config,
-    nonce
-  };
-  return /* @__PURE__ */ jsx6(ParamsContext.Provider, { value, children });
+  const { signIn } = useAuth();
+  return /* @__PURE__ */ jsx8(
+    "button",
+    {
+      className: cn(
+        "rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
+        className
+      ),
+      onClick: () => signIn(displayMode),
+      children: "Sign In"
+    }
+  );
+};
+// src/react/components/SignOutButton.tsx
+import { jsx as jsx9 } from "react/jsx-runtime";
+var SignOutButton = ({ className }) => {
+  const { signOut } = useAuth();
+  return /* @__PURE__ */ jsx9(
+    "button",
+    {
+      className: cn(
+        "rounded-full border border-neutral-500 px-3 py-2 transition-colors hover:bg-neutral-200 hover:bg-opacity-50",
+        className
+      ),
+      onClick: () => signOut(),
+      children: "Sign Out"
+    }
+  );
+};
+// src/lib/logger.ts
+import debug from "debug";
+var PACKAGE_NAME = "@civic/auth";
+var DebugLogger = class {
+  constructor(namespace) {
+    this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);
+    this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);
+    this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);
+    this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);
+    this.debugLogger.color = "4";
+    this.infoLogger.color = "2";
+    this.warnLogger.color = "3";
+    this.errorLogger.color = "1";
+  }
+  debug(message, ...args) {
+    this.debugLogger(message, ...args);
+  }
+  info(message, ...args) {
+    this.infoLogger(message, ...args);
+  }
+  warn(message, ...args) {
+    this.warnLogger(message, ...args);
+  }
+  error(message, ...args) {
+    this.errorLogger(message, ...args);
+  }
+};
+var createLogger = (namespace) => new DebugLogger(namespace);
+var loggers = {
+  // Next.js specific loggers
+  nextjs: {
+    routes: createLogger("api:routes"),
+    middleware: createLogger("api:middleware"),
+    handlers: {
+      auth: createLogger("api:handlers:auth")
+    }
+  },
+  // React specific loggers
+  react: {
+    components: createLogger("react:components"),
+    hooks: createLogger("react:hooks"),
+    context: createLogger("react:context")
+  },
+  // Shared utilities loggers
+  services: {
+    validation: createLogger("utils:validation"),
+    network: createLogger("utils:network")
+  }
+};
+// src/nextjs/config.ts
+var logger = loggers.nextjs.handlers.auth;
+var defaultAuthConfig = {
+  oauthServer: "https://auth-dev.civic.com/oauth",
+  callbackUrl: "/api/auth/callback",
+  challengeUrl: "/api/auth/challenge",
+  logoutUrl: "/api/auth/logout",
+  loginUrl: "/",
+  include: ["/*"],
+  exclude: [],
+  cookies: {
+    tokens: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    },
+    user: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    }
+  }
+};
+var withoutUndefined = (obj) => {
+  const result = {};
+  for (const key in obj) {
+    if (obj[key] !== void 0) {
+      result[key] = obj[key];
+    }
+  }
+  return result;
+};
+var resolveAuthConfig = (config = {}) => {
+  var _a, _b, _c, _d;
+  const configFromEnv = withoutUndefined({
+    clientId: process.env._civic_auth_client_id,
+    oauthServer: process.env._civic_oauth_server,
+    callbackUrl: process.env._civic_auth_callback_url,
+    loginUrl: process.env._civic_auth_login_url,
+    logoutUrl: process.env._civic_auth_logout_url,
+    include: (_a = process.env._civic_auth_includes) == null ? void 0 : _a.split(","),
+    exclude: (_b = process.env._civic_auth_excludes) == null ? void 0 : _b.split(","),
+    cookies: process.env._civic_auth_cookie_config ? JSON.parse(process.env._civic_auth_cookie_config) : void 0
+  });
+  const mergedConfig = __spreadProps(__spreadValues(__spreadValues(__spreadValues({}, defaultAuthConfig), configFromEnv), config), {
+    // Override with directly passed config
+    cookies: {
+      tokens: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.tokens), ((_c = config.cookies) == null ? void 0 : _c.tokens) || {}),
+      user: __spreadValues(__spreadValues({}, defaultAuthConfig.cookies.user), ((_d = config.cookies) == null ? void 0 : _d.user) || {})
+    }
+  });
+  logger.debug("Config from environment:", configFromEnv);
+  logger.debug("Resolved config:", mergedConfig);
+  if (mergedConfig.clientId === void 0) {
+    throw new Error("Civic Auth client ID is required");
+  }
+  return mergedConfig;
+};
+// src/react/components/NextLogOut.tsx
+import { jsx as jsx10 } from "react/jsx-runtime";
+var NextLogOut = ({ children }) => {
+  const config = resolveAuthConfig();
+  const logoutUrl = `${config.logoutUrl}`;
+  return /* @__PURE__ */ jsx10("a", { href: logoutUrl, children });
 };
 // src/react/providers/SessionProvider.tsx
-import { createContext as createContext4 } from "react";
-import { jsx as jsx7 } from "react/jsx-runtime";
+import { createContext as createContext3 } from "react";
+import { jsx as jsx11 } from "react/jsx-runtime";
 var defaultSession = {
   authenticated: false,
   idToken: void 0,
   accessToken: void 0,
   displayMode: "iframe"
 };
-var SessionContext = createContext4(defaultSession);
-var SessionProvider = ({ children, session }) => /* @__PURE__ */ jsx7(SessionContext.Provider, { value: session || defaultSession, children });
-// src/constants.ts
-var DEFAULT_SCOPES = ["openid", "profile", "email", "forwardedTokens"];
+var SessionContext = createContext3(defaultSession);
+var SessionProvider = ({ children, session }) => /* @__PURE__ */ jsx11(SessionContext.Provider, { value: session || defaultSession, children });
 // src/config.ts
 var authConfig = {
@@ -832,9 +1076,24 @@ var authConfig = {
   oauthServer: "https://auth-dev.civic.com/oauth/"
 };
-// src/react/providers/AuthProvider.tsx
-import { jsx as jsx8, jsxs as jsxs4 } from "react/jsx-runtime";
-var AuthContext = createContext5(null);
+// src/lib/windowUtil.ts
+var isWindowInIframe = (window2) => {
+  var _a;
+  if (typeof window2 !== "undefined") {
+    try {
+      if (((_a = window2 == null ? void 0 : window2.frameElement) == null ? void 0 : _a.id) === "civic-auth-iframe") {
+        return true;
+      }
+    } catch (_e) {
+      return false;
+    }
+  }
+  return false;
+};
+// src/shared/AuthProvider.tsx
+import { jsx as jsx12, jsxs as jsxs5 } from "react/jsx-runtime";
+var AuthContext = createContext4(null);
 var globalThisObject;
 if (typeof window !== "undefined") {
   globalThisObject = window;
@@ -851,28 +1110,21 @@ var AuthProvider = ({
   config = authConfig,
   nonce,
   onSignIn,
-  onSignOut
+  onSignOut,
+  authServiceImpl,
+  serverSideTokenExchange
 }) => {
   const [iframeUrl, setIframeUrl] = useState3(null);
   const [currentUrl, setCurrentUrl] = useState3(null);
   const [isInIframe, setIsInIframe] = useState3(false);
   const [authResponseUrl, setAuthResponseUrl] = useState3(null);
-  const [tokenExchangeInProgress, setTokenExchangeInProgress] = useState3(false);
   const [tokenExchangeError, setTokenExchangeError] = useState3();
-  const queryClient2 = useQueryClient2();
+  const queryClient3 = useQueryClient2();
+  const iframeRef = useRef2(null);
   useEffect3(() => {
-    var _a, _b;
     if (typeof globalThis.window !== "undefined") {
       setCurrentUrl(globalThis.window.location.href);
-      let isInIframeVal = false;
-      try {
-        if (((_b = (_a = globalThis.window) == null ? void 0 : _a.frameElement) == null ? void 0 : _b.id) === "civic-auth-iframe") {
-          isInIframeVal = true;
-        }
-      } catch (_e) {
-        isInIframeVal = false;
-      }
-      console.log("isInIframeVal", isInIframeVal);
+      const isInIframeVal = isWindowInIframe(globalThis.window);
       setIsInIframe(isInIframeVal);
     }
   }, []);
@@ -881,39 +1133,37 @@ var AuthProvider = ({
     [currentUrl, inputRedirectUrl]
   );
   const authService = useMemo2(
-    () => currentUrl ? new AuthSessionServiceImpl(
+    () => currentUrl ? authServiceImpl || new AuthSessionServiceImpl(
       clientId,
       redirectUrl,
       config == null ? void 0 : config.oauthServer,
       config == null ? void 0 : config.endpoints
     ) : null,
-    [currentUrl, clientId, redirectUrl, config]
+    [currentUrl, clientId, redirectUrl, config, authServiceImpl]
   );
+  const [userInfoService, setUserInfoService] = useState3();
+  useEffect3(() => {
+    if (!authService) return;
+    authService.getUserInfoService().then(setUserInfoService);
+  }, [authService]);
   const {
     data: session,
     isLoading,
     error
   } = useQuery2({
-    queryKey: ["session"],
+    queryKey: ["session", authResponseUrl, iframeUrl, currentUrl, isInIframe],
     queryFn: () => __async(void 0, null, function* () {
-      const url = new URL(globalThis.window.location.href || "");
-      console.log("AuthProvider useQuery", { isInIframe, url, authService });
       if (!authService) {
         return { authenticated: false };
       }
-      const existingSessionData = yield authService.validateExistingSession();
-      if (existingSessionData.authenticated) {
-        return existingSessionData;
-      }
+      const url = new URL(
+        authResponseUrl ? authResponseUrl : globalThis.window.location.href || ""
+      );
       const code = url.searchParams.get("code");
-      if (code && !isInIframe) {
+      if (code && !isInIframe && !serverSideTokenExchange) {
         try {
           console.log("AuthProvider useQuery code", { isInIframe, code });
-          setTokenExchangeInProgress(true);
-          const newSession = yield authService.tokenExchange(
-            globalThis.window.location.href
-          );
-          setTokenExchangeInProgress(false);
+          const newSession = yield authService.tokenExchange(url.toString());
           onSignIn == null ? void 0 : onSignIn();
           return newSession;
         } catch (error2) {
@@ -924,21 +1174,28 @@ var AuthProvider = ({
           return { authenticated: false };
         }
       }
+      const existingSessionData = yield authService.validateExistingSession();
+      if (existingSessionData.authenticated) {
+        return existingSessionData;
+      }
       return existingSessionData;
-    }),
-    enabled: !!authService && !!currentUrl && !isInIframe
+    })
   });
   const signOutMutation = useMutation2({
     mutationFn: () => __async(void 0, null, function* () {
       authService == null ? void 0 : authService.updateSessionData({});
+      setIframeUrl(null);
       setAuthResponseUrl(null);
       onSignOut == null ? void 0 : onSignOut();
     }),
     onSuccess: () => {
-      queryClient2.setQueryData(["session"], null);
+      queryClient3.setQueryData(
+        ["session", authResponseUrl, iframeUrl, currentUrl, isInIframe],
+        null
+      );
     }
   });
-  const signIn = useCallback2(
+  const signIn = useCallback3(
     (overrideDisplayMode = "iframe") => __async(void 0, null, function* () {
       if (!authService) return;
       const url = yield authService.getAuthorizationUrl(
@@ -959,118 +1216,151 @@ var AuthProvider = ({
     () => session ? session.authenticated : false,
     [session]
   );
-  useEffect3(() => {
-    if (!authService || !authResponseUrl) return;
-    const url = new URL(authResponseUrl);
-    const code = url.searchParams.get("code");
-    console.log("AuthProvider useEffect code", {
-      isAuthenticated,
-      code,
-      tokenExchangeInProgress,
-      isInIframe
-    });
-    if (code && !isAuthenticated && !tokenExchangeInProgress && !isInIframe) {
-      try {
-        setTokenExchangeInProgress(true);
-        authService.tokenExchange(authResponseUrl).then((newSession) => {
-          queryClient2.setQueryData(["session"], newSession);
-          setIframeUrl(null);
-          onSignIn == null ? void 0 : onSignIn();
-        }).catch((error2) => {
-          setTokenExchangeError(error2);
-        }).finally(() => {
-          setTokenExchangeInProgress(false);
-        });
-      } catch (error2) {
-        setTokenExchangeInProgress(false);
-        onSignIn == null ? void 0 : onSignIn(
-          error2 instanceof Error ? error2 : new Error("Failed to sign in")
-        );
-      }
-    }
-  }, [
-    authService,
-    onSignIn,
-    queryClient2,
-    isAuthenticated,
-    authResponseUrl,
-    tokenExchangeInProgress,
-    isInIframe
-  ]);
   const value = useMemo2(
     () => ({
       isLoading,
       error,
-      signOut: signOutMutation.mutate,
+      signOut: () => __async(void 0, null, function* () {
+        yield signOutMutation.mutateAsync();
+      }),
       isAuthenticated,
       signIn
     }),
-    [isLoading, error, signOutMutation.mutate, isAuthenticated, signIn]
-  );
-  return /* @__PURE__ */ jsx8(
-    AuthContext.Provider,
-    {
-      value: __spreadProps(__spreadValues({}, value), {
-        signOut: () => __async(void 0, null, function* () {
-          yield signOutMutation.mutateAsync();
-        })
-      }),
-      children: /* @__PURE__ */ jsx8(
-        ParamsProvider,
-        {
-          clientId,
-          redirectUrl,
-          config,
-          nonce,
-          children: /* @__PURE__ */ jsx8(SessionProvider, { session, children: /* @__PURE__ */ jsx8(TokenProvider, { children: /* @__PURE__ */ jsxs4(UserProvider, { children: [
-            !isInIframe && iframeUrl && !(session == null ? void 0 : session.authenticated) && /* @__PURE__ */ jsx8(
-              CivicAuthIframe,
-              {
-                authUrl: iframeUrl,
-                redirectUri: redirectUrl,
-                setAuthResponseUrl,
-                onClose: () => setIframeUrl(null)
-              }
-            ),
-            (tokenExchangeInProgress || tokenExchangeError || isLoading || isInIframe) && /* @__PURE__ */ jsxs4("div", { className: "absolute left-0 top-0 z-[9999] flex h-screen w-screen items-center justify-center bg-white", children: [
-              " ",
-              /* @__PURE__ */ jsx8("div", { className: "absolute inset-0 flex items-center justify-center bg-white", children: tokenExchangeError ? /* @__PURE__ */ jsxs4("div", { children: [
-                "Error: ",
-                tokenExchangeError.message
-              ] }) : /* @__PURE__ */ jsx8(LoadingIcon, {}) })
-            ] }),
-            children
-          ] }) }) })
-        }
-      )
-    }
+    [isLoading, error, signOutMutation, isAuthenticated, signIn]
   );
+  return /* @__PURE__ */ jsx12(AuthContext.Provider, { value, children: /* @__PURE__ */ jsx12(SessionProvider, { session, children: /* @__PURE__ */ jsx12(TokenProvider, { children: /* @__PURE__ */ jsxs5(UserProvider, { userInfoService, children: [
+    !isInIframe && iframeUrl && !(session == null ? void 0 : session.authenticated) && /* @__PURE__ */ jsx12(
+      CivicAuthIframeModal,
+      {
+        iframeRef,
+        authUrl: iframeUrl,
+        redirectUri: redirectUrl,
+        setAuthResponseUrl,
+        onClose: () => setIframeUrl(null)
+      }
+    ),
+    (tokenExchangeError || isLoading || error || isInIframe && !(tokenExchangeError || error)) && /* @__PURE__ */ jsx12("div", { className: "absolute left-0 top-0 z-50 flex h-screen w-screen items-center justify-center bg-white", children: /* @__PURE__ */ jsx12("div", { className: "absolute inset-0 flex items-center justify-center bg-white", children: tokenExchangeError || error ? /* @__PURE__ */ jsxs5("div", { children: [
+      "Error:",
+      " ",
+      (tokenExchangeError || error).message
+    ] }) : /* @__PURE__ */ jsx12(LoadingIcon, {}) }) }),
+    children
+  ] }) }) }) });
 };
-// src/react/providers/CivicProvider.tsx
+// src/shared/CivicAuthProvider.tsx
 import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
-import { jsx as jsx9 } from "react/jsx-runtime";
+import "@civic/auth/styles.css";
+import { jsx as jsx13 } from "react/jsx-runtime";
 var queryClient = new QueryClient();
-var CivicProvider = (_a) => {
+var CivicAuthProvider = (_a) => {
   var _b = _a, { children } = _b, props = __objRest(_b, ["children"]);
-  return /* @__PURE__ */ jsx9(QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ jsx9(AuthProvider, __spreadProps(__spreadValues({}, props), { children })) });
+  return /* @__PURE__ */ jsx13(QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ jsx13(AuthProvider, __spreadProps(__spreadValues({}, props), { children })) });
 };
-// src/react/hooks/useUser.tsx
-var useUser = () => {
-  const context = useContext3(UserContext);
-  if (!context) {
-    throw new Error("useUser must be used within a UserProvider");
+// src/react/providers/NextAuthProvider.tsx
+import { createContext as createContext5, useContext as useContext3, useEffect as useEffect5, useMemo as useMemo3, useState as useState4 } from "react";
+// src/react/hooks/useUserCookie.ts
+import { useEffect as useEffect4, useRef as useRef3 } from "react";
+import { useRouter } from "next/navigation.js";
+import { useQuery as useQuery3 } from "@tanstack/react-query";
+// src/lib/cookies.ts
+var getCookieValue = (key, window2) => {
+  const cookie = window2.document.cookie;
+  if (!cookie) return null;
+  const cookies = cookie.split(";");
+  for (const c of cookies) {
+    const [name, value] = c.trim().split("=");
+    if (name === key) {
+      try {
+        return JSON.parse(decodeURIComponent(value));
+      } catch (e) {
+        console.log("Error parsing cookie value", e);
+        return value;
+      }
+    }
   }
-  return context;
+  return null;
 };
-// src/react/hooks/useParams.tsx
-import { useContext as useContext4 } from "react";
-var useParams = () => {
-  const context = useContext4(ParamsContext);
+// src/react/hooks/useUserCookie.ts
+var getUserFromCookie = () => {
+  const userCookie = getCookieValue("user", globalThis.window);
+  return userCookie;
+};
+var useUserCookie = () => {
+  const hasRunRef = useRef3(false);
+  const router = useRouter();
+  const { data: user } = useQuery3({
+    queryKey: ["user"],
+    queryFn: () => getUserFromCookie(),
+    refetchInterval: 2e3,
+    refetchIntervalInBackground: true,
+    enabled: !hasRunRef.current,
+    refetchOnWindowFocus: true
+  });
+  useEffect4(() => {
+    if (user) {
+      if (!hasRunRef.current) {
+        hasRunRef.current = true;
+        router.refresh();
+      }
+    } else {
+      hasRunRef.current = false;
+    }
+  }, [user, router]);
+  return user;
+};
+// src/react/providers/NextAuthProvider.tsx
+import { QueryClient as QueryClient2, QueryClientProvider as QueryClientProvider2 } from "@tanstack/react-query";
+import { jsx as jsx14 } from "react/jsx-runtime";
+var queryClient2 = new QueryClient2();
+var defaultUserContext = { user: null };
+var UserContext2 = createContext5(defaultUserContext);
+var CivicNextAuthProvider = (_a) => {
+  var _b = _a, {
+    children
+  } = _b, props = __objRest(_b, [
+    "children"
+  ]);
+  const user = useUserCookie();
+  const [redirectUrl, setRedirectUrl] = useState4("");
+  const { clientId, oauthServer, callbackUrl, challengeUrl } = resolveAuthConfig();
+  useEffect5(() => {
+    if (typeof globalThis.window !== "undefined") {
+      const currentUrl = globalThis.window.location.href;
+      setRedirectUrl(new URL(callbackUrl, currentUrl).toString());
+    }
+  }, [callbackUrl]);
+  const authService = useMemo3(() => {
+    if (redirectUrl && clientId && oauthServer) {
+      return new AuthSessionServiceImpl(clientId, redirectUrl, oauthServer, {
+        challenge: challengeUrl
+      });
+    }
+    return void 0;
+  }, [redirectUrl, clientId, oauthServer, challengeUrl]);
+  return /* @__PURE__ */ jsx14(QueryClientProvider2, { client: queryClient2, children: /* @__PURE__ */ jsx14(
+    AuthProvider,
+    __spreadProps(__spreadValues({}, props), {
+      config: { oauthServer },
+      clientId,
+      authServiceImpl: authService,
+      serverSideTokenExchange: true,
+      children: /* @__PURE__ */ jsx14(UserContext2.Provider, { value: user, children })
+    })
+  ) });
+};
+var useNextUser = () => useContext3(UserContext2);
+// src/react/hooks/useUser.tsx
+var useUser = () => {
+  const context = useContext4(UserContext);
   if (!context) {
-    throw new Error("useParams must be used within an ParamsProvider");
+    throw new Error("useUser must be used within a UserProvider");
   }
   return context;
 };
@@ -1085,12 +1375,17 @@ var useSession = () => {
   return context;
 };
 export {
-  CivicProvider,
+  CivicAuthProvider,
+  CivicNextAuthProvider,
+  NextLogOut,
+  SignInButton,
+  SignOutButton,
   UserButton,
   useAuth,
-  useParams,
+  useNextUser,
   useSession,
   useToken,
-  useUser
+  useUser,
+  useUserCookie
 };
 //# sourceMappingURL=react.mjs.map