@civic/auth 0.0.1-beta.0 → 0.0.1-beta.10

package/dist/nextjs.mjs

@@ -1,99 +1,245 @@
-'use client'
-var __defProp = Object.defineProperty;
-var __defProps = Object.defineProperties;
-var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
-var __getOwnPropSymbols = Object.getOwnPropertySymbols;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __propIsEnum = Object.prototype.propertyIsEnumerable;
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __spreadValues = (a, b) => {
-  for (var prop in b || (b = {}))
-    if (__hasOwnProp.call(b, prop))
-      __defNormalProp(a, prop, b[prop]);
-  if (__getOwnPropSymbols)
-    for (var prop of __getOwnPropSymbols(b)) {
-      if (__propIsEnum.call(b, prop))
-        __defNormalProp(a, prop, b[prop]);
-    }
-  return a;
+import {
+  createCivicAuthPlugin,
+  defaultAuthConfig,
+  loggers,
+  resolveAuthConfig,
+  resolveCallbackUrl
+} from "./chunk-EAANLFR5.mjs";
+import {
+  CookieStorage,
+  resolveOAuthAccessCode
+} from "./chunk-EGFTMH5S.mjs";
+import {
+  GenericPublicClientPKCEProducer,
+  GenericUserSession,
+  clearTokens,
+  getUser
+} from "./chunk-PMDIR5XE.mjs";
+import {
+  __async,
+  __spreadProps,
+  __spreadValues
+} from "./chunk-RGHW4PYM.mjs";
+
+// src/nextjs/cookies.ts
+import { cookies } from "next/headers.js";
+var clearAuthCookies = () => __async(void 0, null, function* () {
+  const cookieStorage = new NextjsCookieStorage();
+  clearTokens(cookieStorage);
+  const clientStorage = new NextjsClientStorage();
+  const userSession = new GenericUserSession(clientStorage);
+  userSession.set(null);
+});
+var NextjsCookieStorage = class extends CookieStorage {
+  constructor(config = {}) {
+    super(__spreadProps(__spreadValues({}, config), {
+      secure: true,
+      httpOnly: true
+    }));
+  }
+  get(key) {
+    var _a;
+    return ((_a = cookies().get(key)) == null ? void 0 : _a.value) || null;
+  }
+  set(key, value) {
+    cookies().set(key, value, this.settings);
+  }
 };
-var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
-var __async = (__this, __arguments, generator) => {
-  return new Promise((resolve, reject) => {
-    var fulfilled = (value) => {
-      try {
-        step(generator.next(value));
-      } catch (e) {
-        reject(e);
-      }
-    };
-    var rejected = (value) => {
-      try {
-        step(generator.throw(value));
-      } catch (e) {
-        reject(e);
-      }
-    };
-    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
-    step((generator = generator.apply(__this, __arguments)).next());
-  });
+var NextjsClientStorage = class extends CookieStorage {
+  constructor(config = {}) {
+    super(__spreadProps(__spreadValues({}, config), {
+      secure: false,
+      httpOnly: false
+    }));
+  }
+  get(key) {
+    var _a;
+    return ((_a = cookies().get(key)) == null ? void 0 : _a.value) || null;
+  }
+  set(key, value) {
+    cookies().set(key, value, this.settings);
+  }
+};
+
+// src/nextjs/GetUser.ts
+var getUser2 = () => {
+  const clientStorage = new NextjsClientStorage();
+  const userSession = new GenericUserSession(clientStorage);
+  return userSession.get();
 };
 
-// src/nextjs/index.ts
-import { NextResponse } from "next/server";
-import { validateJWT } from "oslo/jwt";
-var defaults = {
-  loginUrl: "/"
-  // by default, redirect to the root
+// src/nextjs/middleware.ts
+import { NextResponse } from "next/server.js";
+import picomatch from "picomatch";
+var matchGlob = (pathname, globPattern) => {
+  const matches = picomatch(globPattern);
+  return matches(pathname);
 };
-var redirectNoLoops = (newUrl, req) => {
-  const redirectUrl = new URL(newUrl, req.url);
-  req.nextUrl.searchParams.forEach((value, key) => {
-    redirectUrl.searchParams.append(key, value);
+var matchesGlobs = (pathname, patterns) => patterns.some((pattern) => {
+  if (!pattern) return false;
+  console.log("matching", {
+    pattern,
+    pathname,
+    match: matchGlob(pathname, pattern)
   });
-  if (redirectUrl.toString() !== req.url) {
-    return NextResponse.redirect(redirectUrl);
+  return matchGlob(pathname, pattern);
+});
+var applyAuth = (authConfig, request) => __async(void 0, null, function* () {
+  const authConfigWithDefaults = resolveAuthConfig(authConfig);
+  const isAuthenticated = !!request.cookies.get("id_token");
+  if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {
+    console.log("\u2192 Skipping auth check - this is the login URL");
+    return void 0;
   }
-};
-var authMiddleware = (config = defaults) => (req) => __async(void 0, null, function* () {
-  var _a;
-  const idToken = (_a = req.cookies.get("id_token")) == null ? void 0 : _a.value;
-  if (!idToken) {
-    return redirectNoLoops(config.loginUrl, req);
+  if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {
+    console.log("\u2192 Skipping auth check - path not in include patterns");
+    return void 0;
   }
-  try {
-    const jwt = yield validateJWT(
-      "HS256",
-      Buffer.from(process.env.LOGIN_JWT_SECRET),
-      idToken
-    );
-    if (!jwt) {
-      return NextResponse.json("Malformed token", { status: 400 });
+  if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {
+    console.log("\u2192 Skipping auth check - path in exclude patterns");
+    return void 0;
+  }
+  if (!isAuthenticated) {
+    console.log("\u2192 No valid token found - redirecting to login");
+    const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);
+    return NextResponse.redirect(loginUrl);
+  }
+  console.log("\u2192 Auth check passed");
+  return void 0;
+});
+var authMiddleware = (authConfig = defaultAuthConfig) => (request) => __async(void 0, null, function* () {
+  const response = yield applyAuth(authConfig, request);
+  if (response) return response;
+  return NextResponse.next();
+});
+function withAuth(middleware) {
+  return (request) => __async(this, null, function* () {
+    const response = yield applyAuth({}, request);
+    if (response) return response;
+    return middleware(request);
+  });
+}
+function auth(authConfig = {}) {
+  return (middleware) => {
+    return (request) => __async(this, null, function* () {
+      const response = yield applyAuth(authConfig, request);
+      if (response) return response;
+      return middleware(request);
+    });
+  };
+}
+
+// src/nextjs/routeHandler.ts
+import { NextResponse as NextResponse2 } from "next/server.js";
+import { revalidatePath } from "next/cache.js";
+var logger = loggers.nextjs.handlers.auth;
+var AuthError = class extends Error {
+  constructor(message, status = 401) {
+    super(message);
+    this.status = status;
+    this.name = "AuthError";
+  }
+};
+function handleChallenge() {
+  return __async(this, null, function* () {
+    const cookieStorage = new NextjsCookieStorage();
+    const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);
+    const challenge = yield pkceProducer.getCodeChallenge();
+    return NextResponse2.json({ status: "success", challenge });
+  });
+}
+function handleCallback(request, config) {
+  return __async(this, null, function* () {
+    const tokenExchange = request.nextUrl.searchParams.get("tokenExchange");
+    if (!tokenExchange) {
+      const response2 = new NextResponse2(`<html></html>`);
+      response2.headers.set("Content-Type", "text/html; charset=utf-8");
+      return response2;
     }
-    if (!jwt.expiresAt) {
-      return NextResponse.json("Token missing expiration", { status: 400 });
+    const code = request.nextUrl.searchParams.get("code");
+    const state = request.nextUrl.searchParams.get("state");
+    if (!code || !state) throw new AuthError("Bad parameters", 400);
+    const cookieStorage = new NextjsCookieStorage();
+    const resolvedConfigs = resolveAuthConfig(config);
+    const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);
+    try {
+      yield resolveOAuthAccessCode(code, state, cookieStorage, __spreadProps(__spreadValues({}, resolvedConfigs), {
+        redirectUrl: callbackUrl
+      }));
+    } catch (error) {
+      logger.error("Token exchange failed:", error);
+      throw new AuthError("Failed to authenticate user", 401);
     }
-    if (jwt.expiresAt.getTime() < Date.now()) {
-      return redirectNoLoops(config.loginUrl, req);
+    const user = yield getUser(cookieStorage);
+    if (!user) {
+      throw new AuthError("Failed to get user info", 401);
     }
-    const token = jwt.payload;
-    if (!token.id) {
-      return NextResponse.json("Unauthorized", { status: 401 });
+    const clientStorage = new NextjsClientStorage();
+    const userSession = new GenericUserSession(clientStorage);
+    userSession.set(user);
+    const response = new NextResponse2(`<html></html>`);
+    response.headers.set("Content-Type", "text/html; charset=utf-8");
+    return response;
+  });
+}
+var getAbsoluteRedirectPath = (redirectPath, currentBasePath) => {
+  if (/^(https?:\/\/|www\.).+/i.test(redirectPath)) {
+    return redirectPath;
+  }
+  return new URL(redirectPath, currentBasePath).href;
+};
+function handleLogout(request, config) {
+  return __async(this, null, function* () {
+    var _a;
+    const resolvedConfigs = resolveAuthConfig(config);
+    const defaultRedirectPath = (_a = resolvedConfigs.loginUrl) != null ? _a : "/";
+    const redirectTarget = new URL(request.url).searchParams.get("redirect") || defaultRedirectPath;
+    const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
+    const finalRedirectUrl = getAbsoluteRedirectPath(
+      redirectTarget,
+      new URL(request.url).origin
+    );
+    const response = NextResponse2.redirect(finalRedirectUrl);
+    clearAuthCookies();
+    try {
+      revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);
+    } catch (error) {
+      logger.warn("Failed to revalidate path after logout:", error);
+    }
+    return response;
+  });
+}
+var handler = (authConfig = {}) => (request) => __async(void 0, null, function* () {
+  const config = resolveAuthConfig(authConfig);
+  try {
+    const pathname = request.nextUrl.pathname;
+    const pathSegments = pathname.split("/");
+    const lastSegment = pathSegments[pathSegments.length - 1];
+    switch (lastSegment) {
+      case "challenge":
+        return yield handleChallenge();
+      case "callback":
+        return yield handleCallback(request, config);
+      case "logout":
+        return yield handleLogout(request, config);
+      default:
+        throw new AuthError(`Invalid auth route: ${pathname}`, 404);
     }
-    const requestHeaders = new Headers(req.headers);
-    requestHeaders.set("x-user-id", token.id);
-    return NextResponse.next({
-      request: __spreadProps(__spreadValues({}, req), {
-        // New request headers
-        headers: requestHeaders
-      })
-    });
   } catch (error) {
-    console.error("Failed to decode id_token:", error);
-    return redirectNoLoops(config.loginUrl, req);
+    logger.error("Auth handler error:", error);
+    const status = error instanceof AuthError ? error.status : 500;
+    const message = error instanceof Error ? error.message : "Authentication failed";
+    const response = NextResponse2.json({ error: message }, { status });
+    clearAuthCookies();
+    return response;
   }
 });
 export {
-  authMiddleware
+  auth,
+  authMiddleware,
+  createCivicAuthPlugin,
+  getUser2 as getUser,
+  handler,
+  withAuth
 };
 //# sourceMappingURL=nextjs.mjs.map

package/dist/nextjs.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/nextjs/index.ts"],"sourcesContent":["import { NextRequest, NextResponse } from \"next/server\";\n\nimport { type User } from \"@/types\";\n\nimport { validateJWT } from \"oslo/jwt\";\n\ntype AuthMiddlewareConfig = {\n  loginUrl: string;\n};\n\nconst defaults = {\n  loginUrl: \"/\", // by default, redirect to the root\n};\n\n// redirect if we are not already there, to avoid loops.\nconst redirectNoLoops = (newUrl: string, req: NextRequest) => {\n  const redirectUrl = new URL(newUrl, req.url);\n  // Append original query parameters to the new URL\n  req.nextUrl.searchParams.forEach((value, key) => {\n    redirectUrl.searchParams.append(key, value);\n  });\n\n  if (redirectUrl.toString() !== req.url) {\n    return NextResponse.redirect(redirectUrl);\n  }\n};\n\nconst authMiddleware =\n  (config: AuthMiddlewareConfig = defaults) =>\n  async (req: NextRequest) => {\n    // Retrieve the id_token from the cookies\n    const idToken = req.cookies.get(\"id_token\")?.value;\n\n    if (!idToken) {\n      return redirectNoLoops(config.loginUrl, req); // Redirect to login if no token is found\n    }\n\n    try {\n      const jwt = await validateJWT(\n        \"HS256\",\n        Buffer.from(process.env.LOGIN_JWT_SECRET!),\n        idToken,\n      );\n\n      // Check if the JWT is malformed\n      if (!jwt) {\n        return NextResponse.json(\"Malformed token\", { status: 400 });\n      }\n\n      // Check if the JWT is missing the expiration\n      if (!jwt.expiresAt) {\n        return NextResponse.json(\"Token missing expiration\", { status: 400 });\n      }\n\n      // Check expiration time\n      if (jwt.expiresAt.getTime() < Date.now()) {\n        return redirectNoLoops(config.loginUrl, req); // Redirect to login the token has expired\n      }\n\n      const token = jwt.payload as User;\n\n      if (!token.id) {\n        return NextResponse.json(\"Unauthorized\", { status: 401 });\n      }\n\n      // Store the email claim in the request headers\n      const requestHeaders = new Headers(req.headers);\n\n      requestHeaders.set(\"x-user-id\", token.id);\n\n      // Continue to the next middleware or route handler\n      return NextResponse.next({\n        request: {\n          ...req,\n\n          // New request headers\n          headers: requestHeaders,\n        },\n      });\n    } catch (error) {\n      console.error(\"Failed to decode id_token:\", error);\n\n      return redirectNoLoops(config.loginUrl, req); // Redirect to login on error\n    }\n  };\n\nexport type { AuthMiddlewareConfig };\n\nexport { authMiddleware };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SAAsB,oBAAoB;AAI1C,SAAS,mBAAmB;AAM5B,IAAM,WAAW;AAAA,EACf,UAAU;AAAA;AACZ;AAGA,IAAM,kBAAkB,CAAC,QAAgB,QAAqB;AAC5D,QAAM,cAAc,IAAI,IAAI,QAAQ,IAAI,GAAG;AAE3C,MAAI,QAAQ,aAAa,QAAQ,CAAC,OAAO,QAAQ;AAC/C,gBAAY,aAAa,OAAO,KAAK,KAAK;AAAA,EAC5C,CAAC;AAED,MAAI,YAAY,SAAS,MAAM,IAAI,KAAK;AACtC,WAAO,aAAa,SAAS,WAAW;AAAA,EAC1C;AACF;AAEA,IAAM,iBACJ,CAAC,SAA+B,aAChC,CAAO,QAAqB;AA7B9B;AA+BI,QAAM,WAAU,SAAI,QAAQ,IAAI,UAAU,MAA1B,mBAA6B;AAE7C,MAAI,CAAC,SAAS;AACZ,WAAO,gBAAgB,OAAO,UAAU,GAAG;AAAA,EAC7C;AAEA,MAAI;AACF,UAAM,MAAM,MAAM;AAAA,MAChB;AAAA,MACA,OAAO,KAAK,QAAQ,IAAI,gBAAiB;AAAA,MACzC;AAAA,IACF;AAGA,QAAI,CAAC,KAAK;AACR,aAAO,aAAa,KAAK,mBAAmB,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC7D;AAGA,QAAI,CAAC,IAAI,WAAW;AAClB,aAAO,aAAa,KAAK,4BAA4B,EAAE,QAAQ,IAAI,CAAC;AAAA,IACtE;AAGA,QAAI,IAAI,UAAU,QAAQ,IAAI,KAAK,IAAI,GAAG;AACxC,aAAO,gBAAgB,OAAO,UAAU,GAAG;AAAA,IAC7C;AAEA,UAAM,QAAQ,IAAI;AAElB,QAAI,CAAC,MAAM,IAAI;AACb,aAAO,aAAa,KAAK,gBAAgB,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC1D;AAGA,UAAM,iBAAiB,IAAI,QAAQ,IAAI,OAAO;AAE9C,mBAAe,IAAI,aAAa,MAAM,EAAE;AAGxC,WAAO,aAAa,KAAK;AAAA,MACvB,SAAS,iCACJ,MADI;AAAA;AAAA,QAIP,SAAS;AAAA,MACX;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,8BAA8B,KAAK;AAEjD,WAAO,gBAAgB,OAAO,UAAU,GAAG;AAAA,EAC7C;AACF;","names":[]}
+{"version":3,"sources":["../src/nextjs/cookies.ts","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"sourcesContent":["import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"@/nextjs/config\";\nimport { CookieStorage, CookieStorageSettings } from \"@/server\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { clearTokens } from \"@/shared/util\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n  response: NextResponse,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  const maxAge = sessionData.expiresIn ?? 3600;\n  const cookieOptions = {\n    ...config.cookies?.tokens,\n    maxAge,\n  };\n\n  if (sessionData.accessToken) {\n    response.cookies.set(\"access_token\", sessionData.accessToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.idToken) {\n    response.cookies.set(\"id_token\", sessionData.idToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.refreshToken) {\n    response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n  response: NextResponse,\n  user: User<UnknownObject> | null,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  if (!user) {\n    response.cookies.set(\"user\", \"\", {\n      ...config.cookies?.user,\n      maxAge: 0,\n    });\n    return;\n  }\n  const maxAge = sessionData.expiresIn ?? 3600;\n\n  // TODO select fields to include in the user cookie\n  const frontendUser = {\n    ...user,\n  };\n\n  // TODO make call to get user info from the\n  // auth server /userinfo endpoint when it's available\n  // then add to the default claims above\n\n  response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n    ...config.cookies?.user,\n    maxAge,\n  });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async () => {\n  // clear session, and tokens\n  const cookieStorage = new NextjsCookieStorage();\n  clearTokens(cookieStorage);\n\n  // clear user\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  userSession.set(null);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n  constructor(config: Partial<CookieStorageSettings> = {}) {\n    super({\n      ...config,\n      secure: true,\n      httpOnly: true,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: string, value: string): void {\n    cookies().set(key, value, this.settings);\n  }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n  constructor(config: Partial<CookieStorageSettings> = {}) {\n    super({\n      ...config,\n      secure: false,\n      httpOnly: false,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: string, value: string): void {\n    cookies().set(key, value, this.settings);\n  }\n}\n\nexport {\n  createTokenCookies,\n  createUserInfoCookie,\n  clearAuthCookies,\n  NextjsCookieStorage,\n  NextjsClientStorage,\n};\n","/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\n\nexport const getUser = (): User | null => {\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  return userSession.get();\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n *    console.log('in custom middleware', request.nextUrl.pathname);\n *    return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n *   console.log('in custom middleware', request.url);\n *   return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n  AuthConfig,\n  defaultAuthConfig,\n  resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n  request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n  const matches = picomatch(globPattern);\n  return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n  patterns.some((pattern) => {\n    if (!pattern) return false;\n    console.log(\"matching\", {\n      pattern,\n      pathname,\n      match: matchGlob(pathname, pattern),\n    });\n    return matchGlob(pathname, pattern);\n  });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n  authConfig: AuthConfig,\n  request: NextRequest,\n): Promise<NextResponse | undefined> => {\n  const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n  // Check for any valid auth token\n  const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n  // skip auth check for login url\n  if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n    console.log(\"→ Skipping auth check - this is the login URL\");\n    return undefined;\n  }\n\n  if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n    console.log(\"→ Skipping auth check - path not in include patterns\");\n    return undefined;\n  }\n\n  if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n    console.log(\"→ Skipping auth check - path in exclude patterns\");\n    return undefined;\n  }\n\n  // Check for either token type\n  if (!isAuthenticated) {\n    console.log(\"→ No valid token found - redirecting to login\");\n    const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n    return NextResponse.redirect(loginUrl);\n  }\n\n  console.log(\"→ Auth check passed\");\n  return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n  (authConfig = defaultAuthConfig) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const response = await applyAuth(authConfig, request);\n    if (response) return response;\n\n    // NextJS doesn't do middleware chaining yet, so this does not mean\n    // \"call the next middleware\" - it means \"continue to the route handler\"\n    return NextResponse.next();\n  };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n  middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n  return async (request: NextRequest): Promise<NextResponse> => {\n    const response = await applyAuth({}, request);\n    if (response) return response;\n    return middleware(request);\n  };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n  return (\n    middleware: Middleware,\n  ): ((request: NextRequest) => Promise<NextResponse>) => {\n    return async (request: NextRequest): Promise<NextResponse> => {\n      const response = await applyAuth(authConfig, request);\n      if (response) return response;\n      return middleware(request);\n    };\n  };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n  clearAuthCookies,\n  NextjsClientStorage,\n  NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n  constructor(\n    message: string,\n    public readonly status: number = 401,\n  ) {\n    super(message);\n    this.name = \"AuthError\";\n  }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n  const cookieStorage = new NextjsCookieStorage();\n  const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n  const challenge = await pkceProducer.getCodeChallenge();\n\n  return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const tokenExchange = request.nextUrl.searchParams.get(\"tokenExchange\");\n  // if the client hasn't request token exchange, return an empty HTML response\n  // the next call should include the tokenExchange query parameter from the same-domain\n  if (!tokenExchange) {\n    const response = new NextResponse(`<html></html>`);\n    response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n    return response;\n  }\n  const code = request.nextUrl.searchParams.get(\"code\");\n  const state = request.nextUrl.searchParams.get(\"state\");\n  if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n  const cookieStorage = new NextjsCookieStorage();\n\n  const resolvedConfigs = resolveAuthConfig(config);\n  const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n\n  try {\n    await resolveOAuthAccessCode(code, state, cookieStorage, {\n      ...resolvedConfigs,\n      redirectUrl: callbackUrl,\n    });\n  } catch (error) {\n    logger.error(\"Token exchange failed:\", error);\n    throw new AuthError(\"Failed to authenticate user\", 401);\n  }\n\n  const user = await getUser(cookieStorage);\n  if (!user) {\n    throw new AuthError(\"Failed to get user info\", 401);\n  }\n\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n\n  userSession.set(user);\n\n  // return an empty HTML response so the iframe doesn't show any response\n  // in the short moment between the redirect and the parent window\n  // acknowledging the redirect and closing the iframe\n  const response = new NextResponse(`<html></html>`);\n  response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n  return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n  redirectPath: string,\n  currentBasePath: string,\n) => {\n  // Check if the redirectPath is an absolute URL\n  if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n    return redirectPath; // Return as-is if it's an absolute URL\n  }\n  return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const resolvedConfigs = resolveAuthConfig(config);\n  const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n  const redirectTarget =\n    new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n  const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n  const finalRedirectUrl = getAbsoluteRedirectPath(\n    redirectTarget,\n    new URL(request.url).origin,\n  );\n\n  const response = NextResponse.redirect(finalRedirectUrl);\n\n  clearAuthCookies();\n\n  try {\n    revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n  } catch (error) {\n    logger.warn(\"Failed to revalidate path after logout:\", error);\n  }\n\n  return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n *   // optional config overrides\n * })\n * ```\n */\nexport const handler =\n  (authConfig = {}) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const config = resolveAuthConfig(authConfig);\n\n    try {\n      const pathname = request.nextUrl.pathname;\n      const pathSegments = pathname.split(\"/\");\n      const lastSegment = pathSegments[pathSegments.length - 1];\n\n      switch (lastSegment) {\n        case \"challenge\":\n          return await handleChallenge();\n        case \"callback\":\n          return await handleCallback(request, config);\n        case \"logout\":\n          return await handleLogout(request, config);\n        default:\n          throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n      }\n    } catch (error) {\n      logger.error(\"Auth handler error:\", error);\n\n      const status = error instanceof AuthError ? error.status : 500;\n      const message =\n        error instanceof Error ? error.message : \"Authentication failed\";\n\n      const response = NextResponse.json({ error: message }, { status });\n\n      clearAuthCookies();\n      return response;\n    }\n  };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAIA,SAAS,eAAe;AA4ExB,IAAM,mBAAmB,MAAY;AAEnC,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,cAAY,aAAa;AAGzB,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,cAAY,IAAI,IAAI;AACtB;AAEA,IAAM,sBAAN,cAAkC,cAAc;AAAA,EAC9C,YAAY,SAAyC,CAAC,GAAG;AACvD,UAAM,iCACD,SADC;AAAA,MAEJ,QAAQ;AAAA,MACR,UAAU;AAAA,IACZ,EAAC;AAAA,EACH;AAAA,EAEA,IAAI,KAA4B;AApGlC;AAqGI,aAAO,aAAQ,EAAE,IAAI,GAAG,MAAjB,mBAAoB,UAAS;AAAA,EACtC;AAAA,EAEA,IAAI,KAAa,OAAqB;AACpC,YAAQ,EAAE,IAAI,KAAK,OAAO,KAAK,QAAQ;AAAA,EACzC;AACF;AAEA,IAAM,sBAAN,cAAkC,cAAc;AAAA,EAC9C,YAAY,SAAyC,CAAC,GAAG;AACvD,UAAM,iCACD,SADC;AAAA,MAEJ,QAAQ;AAAA,MACR,UAAU;AAAA,IACZ,EAAC;AAAA,EACH;AAAA,EAEA,IAAI,KAA4B;AAtHlC;AAuHI,aAAO,aAAQ,EAAE,IAAI,GAAG,MAAjB,mBAAoB,UAAS;AAAA,EACtC;AAAA,EAEA,IAAI,KAAa,OAAqB;AACpC,YAAQ,EAAE,IAAI,KAAK,OAAO,KAAK,QAAQ;AAAA,EACzC;AACF;;;ACtHO,IAAMA,WAAU,MAAmB;AACxC,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,SAAO,YAAY,IAAI;AACzB;;;ACUA,SAAsB,oBAAoB;AAC1C,OAAO,eAAe;AAgBtB,IAAM,YAAY,CAAC,UAAkB,gBAAwB;AAC3D,QAAM,UAAU,UAAU,WAAW;AACrC,SAAO,QAAQ,QAAQ;AACzB;AAOA,IAAM,eAAe,CAAC,UAAkB,aACtC,SAAS,KAAK,CAAC,YAAY;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,UAAQ,IAAI,YAAY;AAAA,IACtB;AAAA,IACA;AAAA,IACA,OAAO,UAAU,UAAU,OAAO;AAAA,EACpC,CAAC;AACD,SAAO,UAAU,UAAU,OAAO;AACpC,CAAC;AAGH,IAAM,YAAY,CAChB,YACA,YACsC;AACtC,QAAM,yBAAyB,kBAAkB,UAAU;AAG3D,QAAM,kBAAkB,CAAC,CAAC,QAAQ,QAAQ,IAAI,UAAU;AAGxD,MAAI,QAAQ,QAAQ,aAAa,uBAAuB,UAAU;AAChE,YAAQ,IAAI,oDAA+C;AAC3D,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC3E,YAAQ,IAAI,2DAAsD;AAClE,WAAO;AAAA,EACT;AAEA,MAAI,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC1E,YAAQ,IAAI,uDAAkD;AAC9D,WAAO;AAAA,EACT;AAGA,MAAI,CAAC,iBAAiB;AACpB,YAAQ,IAAI,oDAA+C;AAC3D,UAAM,WAAW,IAAI,IAAI,uBAAuB,UAAU,QAAQ,GAAG;AACrE,WAAO,aAAa,SAAS,QAAQ;AAAA,EACvC;AAEA,UAAQ,IAAI,0BAAqB;AACjC,SAAO;AACT;AAUO,IAAM,iBACX,CAAC,aAAa,sBACd,CAAO,YAAgD;AACrD,QAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,MAAI,SAAU,QAAO;AAIrB,SAAO,aAAa,KAAK;AAC3B;AAWK,SAAS,SACd,YACiD;AACjD,SAAO,CAAO,YAAgD;AAC5D,UAAM,WAAW,MAAM,UAAU,CAAC,GAAG,OAAO;AAC5C,QAAI,SAAU,QAAO;AACrB,WAAO,WAAW,OAAO;AAAA,EAC3B;AACF;AAeO,SAAS,KAAK,aAAyB,CAAC,GAAG;AAChD,SAAO,CACL,eACsD;AACtD,WAAO,CAAO,YAAgD;AAC5D,YAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,UAAI,SAAU,QAAO;AACrB,aAAO,WAAW,OAAO;AAAA,IAC3B;AAAA,EACF;AACF;;;AC7JA,SAAsB,gBAAAC,qBAAoB;AAC1C,SAAS,sBAAsB;AAc/B,IAAM,SAAS,QAAQ,OAAO,SAAS;AAEvC,IAAM,YAAN,cAAwB,MAAM;AAAA,EAC5B,YACE,SACgB,SAAiB,KACjC;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOA,SAAe,kBAAyC;AAAA;AACtD,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,eAAe,IAAI,gCAAgC,aAAa;AAEtE,UAAM,YAAY,MAAM,aAAa,iBAAiB;AAEtD,WAAOC,cAAa,KAAK,EAAE,QAAQ,WAAW,UAAU,CAAC;AAAA,EAC3D;AAAA;AAEA,SAAe,eACb,SACA,QACuB;AAAA;AACvB,UAAM,gBAAgB,QAAQ,QAAQ,aAAa,IAAI,eAAe;AAGtE,QAAI,CAAC,eAAe;AAClB,YAAMC,YAAW,IAAID,cAAa,eAAe;AACjD,MAAAC,UAAS,QAAQ,IAAI,gBAAgB,0BAA0B;AAC/D,aAAOA;AAAA,IACT;AACA,UAAM,OAAO,QAAQ,QAAQ,aAAa,IAAI,MAAM;AACpD,UAAM,QAAQ,QAAQ,QAAQ,aAAa,IAAI,OAAO;AACtD,QAAI,CAAC,QAAQ,CAAC,MAAO,OAAM,IAAI,UAAU,kBAAkB,GAAG;AAE9D,UAAM,gBAAgB,IAAI,oBAAoB;AAE9C,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,cAAc,mBAAmB,iBAAiB,QAAQ,GAAG;AAEnE,QAAI;AACF,YAAM,uBAAuB,MAAM,OAAO,eAAe,iCACpD,kBADoD;AAAA,QAEvD,aAAa;AAAA,MACf,EAAC;AAAA,IACH,SAAS,OAAO;AACd,aAAO,MAAM,0BAA0B,KAAK;AAC5C,YAAM,IAAI,UAAU,+BAA+B,GAAG;AAAA,IACxD;AAEA,UAAM,OAAO,MAAM,QAAQ,aAAa;AACxC,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,UAAU,2BAA2B,GAAG;AAAA,IACpD;AAEA,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,cAAc,IAAI,mBAAmB,aAAa;AAExD,gBAAY,IAAI,IAAI;AAKpB,UAAM,WAAW,IAAID,cAAa,eAAe;AACjD,aAAS,QAAQ,IAAI,gBAAgB,0BAA0B;AAC/D,WAAO;AAAA,EACT;AAAA;AAQA,IAAM,0BAA0B,CAC9B,cACA,oBACG;AAEH,MAAI,0BAA0B,KAAK,YAAY,GAAG;AAChD,WAAO;AAAA,EACT;AACA,SAAO,IAAI,IAAI,cAAc,eAAe,EAAE;AAChD;AAEA,SAAe,aACb,SACA,QACuB;AAAA;AA9GzB;AA+GE,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,uBAAsB,qBAAgB,aAAhB,YAA4B;AACxD,UAAM,iBACJ,IAAI,IAAI,QAAQ,GAAG,EAAE,aAAa,IAAI,UAAU,KAAK;AACvD,UAAM,qBAAqB,0BAA0B,KAAK,cAAc;AACxE,UAAM,mBAAmB;AAAA,MACvB;AAAA,MACA,IAAI,IAAI,QAAQ,GAAG,EAAE;AAAA,IACvB;AAEA,UAAM,WAAWA,cAAa,SAAS,gBAAgB;AAEvD,qBAAiB;AAEjB,QAAI;AACF,qBAAe,qBAAqB,mBAAmB,cAAc;AAAA,IACvE,SAAS,OAAO;AACd,aAAO,KAAK,2CAA2C,KAAK;AAAA,IAC9D;AAEA,WAAO;AAAA,EACT;AAAA;AAcO,IAAM,UACX,CAAC,aAAa,CAAC,MACf,CAAO,YAAgD;AACrD,QAAM,SAAS,kBAAkB,UAAU;AAE3C,MAAI;AACF,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,eAAe,SAAS,MAAM,GAAG;AACvC,UAAM,cAAc,aAAa,aAAa,SAAS,CAAC;AAExD,YAAQ,aAAa;AAAA,MACnB,KAAK;AACH,eAAO,MAAM,gBAAgB;AAAA,MAC/B,KAAK;AACH,eAAO,MAAM,eAAe,SAAS,MAAM;AAAA,MAC7C,KAAK;AACH,eAAO,MAAM,aAAa,SAAS,MAAM;AAAA,MAC3C;AACE,cAAM,IAAI,UAAU,uBAAuB,QAAQ,IAAI,GAAG;AAAA,IAC9D;AAAA,EACF,SAAS,OAAO;AACd,WAAO,MAAM,uBAAuB,KAAK;AAEzC,UAAM,SAAS,iBAAiB,YAAY,MAAM,SAAS;AAC3D,UAAM,UACJ,iBAAiB,QAAQ,MAAM,UAAU;AAE3C,UAAM,WAAWA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,OAAO,CAAC;AAEjE,qBAAiB;AACjB,WAAO;AAAA,EACT;AACF;","names":["getUser","NextResponse","NextResponse","response"]}

package/dist/react.d.mts

@@ -1,7 +1,8 @@
-import { D as DisplayMode, C as Config, U as User, F as ForwardedTokens, S as SessionData } from './index-yT0eVchS.mjs';
 import { JWT } from 'oslo/jwt';
-import { ReactNode } from 'react';
+import { D as DisplayMode, U as User, F as ForwardedTokens, C as Config, S as SessionData, a as UnknownObject } from './index-Bfi0hVMZ.mjs';
+import { ReactNode, RefObject, Dispatch, SetStateAction } from 'react';
 import * as react_jsx_runtime from 'react/jsx-runtime';
+import 'oslo/oauth2';
 
 type AuthContextType = {
     signIn: (displayMode?: DisplayMode) => Promise<void>;
@@ -10,22 +11,10 @@ type AuthContextType = {
     error: Error | null;
     signOut: () => Promise<void>;
 };
-type AuthProviderProps = {
-    children: ReactNode;
-    clientId: string;
-    redirectUrl?: string;
-    nonce?: string;
-    config?: Config;
-    onSignIn?: (error?: Error) => void;
-    onSignOut?: () => void;
-};
 
-type UserContextType<T extends Record<string, unknown> & JWT["payload"] = Record<string, unknown> & JWT["payload"]> = {
+type UserContextType$1<T extends Record<string, unknown> & JWT["payload"] = Record<string, unknown> & JWT["payload"]> = {
     user: User<T> | null;
-    isLoading: boolean;
-    error: Error | null;
-    refetch: () => void;
-} & AuthContextType;
+} & Omit<AuthContextType, "isAuthenticated">;
 
 type TokenContextType = {
     accessToken: string | null;
@@ -36,31 +25,78 @@ type TokenContextType = {
     error: Error | null;
 };
 
-type ParamsProviderProps = {
+interface PKCEConsumer {
+    getCodeChallenge(): Promise<string>;
+}
+
+type AuthProviderProps = {
     children: ReactNode;
     clientId: string;
     redirectUrl?: string;
     nonce?: string;
     config?: Config;
+    onSignIn?: (error?: Error) => void;
+    onSignOut?: () => void;
+    pkceConsumer?: PKCEConsumer;
+    modalIframe?: boolean;
+};
+
+type SessionProviderOutput = SessionData & {
+    iframeRef: RefObject<HTMLIFrameElement> | null;
+    setAuthResponseUrl: Dispatch<SetStateAction<string | null>>;
 };
-type ParamsContextType = Omit<ParamsProviderProps, "children">;
 
-type CivicProviderProps = AuthProviderProps;
-declare const CivicProvider: ({ children, ...props }: CivicProviderProps) => react_jsx_runtime.JSX.Element;
+type CivicAuthProviderProps = Omit<AuthProviderProps, "pkceConsumer">;
+declare const CivicAuthProvider: ({ children, ...props }: CivicAuthProviderProps) => react_jsx_runtime.JSX.Element;
 
-declare const useUser: <T extends Record<string, unknown> = Record<string, never>>() => UserContextType<T>;
+type UserContextType = {
+    user: User<UnknownObject> | null;
+};
+type NextCivicAuthProviderProps = Omit<AuthProviderProps, "clientId">;
+declare const CivicNextAuthProvider: ({ children, ...props }: NextCivicAuthProviderProps) => react_jsx_runtime.JSX.Element;
+declare const useNextUser: () => UserContextType;
+
+declare const useUser: <T extends Record<string, unknown> = Record<string, never>>() => UserContextType$1<T>;
+
+declare const useUserCookie: () => any;
 
 declare const useToken: () => TokenContextType;
 
 declare const useAuth: () => AuthContextType;
 
-declare const useParams: () => ParamsContextType;
+declare const useSession: () => SessionProviderOutput;
+
+type ConfigProviderOutput = {
+    config: Config;
+    redirectUrl: string;
+    modalIframe: boolean;
+    serverTokenExchange: boolean;
+};
 
-declare const useSession: () => SessionData;
+declare const useConfig: () => ConfigProviderOutput;
+
+type CivicAuthIframeContainerProps = {
+    onClose?: () => void;
+    closeOnRedirect?: boolean;
+};
+declare const CivicAuthIframeContainer: ({ onClose, closeOnRedirect, }: CivicAuthIframeContainerProps) => react_jsx_runtime.JSX.Element;
 
 declare const UserButton: ({ displayMode, className, }: {
     displayMode?: DisplayMode;
     className?: string;
 }) => react_jsx_runtime.JSX.Element;
 
-export { type AuthContextType, CivicProvider, type ParamsContextType, type TokenContextType, UserButton, type UserContextType, useAuth, useParams, useSession, useToken, useUser };
+declare const SignInButton: ({ displayMode, className, }: {
+    displayMode?: DisplayMode;
+    className?: string;
+}) => react_jsx_runtime.JSX.Element;
+
+declare const SignOutButton: ({ className }: {
+    className?: string;
+}) => react_jsx_runtime.JSX.Element;
+
+declare const NextLogOut: ({ children }: {
+    children: ReactNode;
+}) => react_jsx_runtime.JSX.Element;
+
+export { type AuthContextType, CivicAuthIframeContainer, CivicAuthProvider, type CivicAuthProviderProps, CivicNextAuthProvider, type NextCivicAuthProviderProps, NextLogOut, SignInButton, SignOutButton, type TokenContextType, UserButton, type UserContextType$1 as UserContextType, useAuth, useConfig, useNextUser, useSession, useToken, useUser, useUserCookie };

package/dist/react.d.ts

@@ -1,7 +1,8 @@
-import { D as DisplayMode, C as Config, U as User, F as ForwardedTokens, S as SessionData } from './index-yT0eVchS.js';
 import { JWT } from 'oslo/jwt';
-import { ReactNode } from 'react';
+import { D as DisplayMode, U as User, F as ForwardedTokens, C as Config, S as SessionData, a as UnknownObject } from './index-Bfi0hVMZ.js';
+import { ReactNode, RefObject, Dispatch, SetStateAction } from 'react';
 import * as react_jsx_runtime from 'react/jsx-runtime';
+import 'oslo/oauth2';
 
 type AuthContextType = {
     signIn: (displayMode?: DisplayMode) => Promise<void>;
@@ -10,22 +11,10 @@ type AuthContextType = {
     error: Error | null;
     signOut: () => Promise<void>;
 };
-type AuthProviderProps = {
-    children: ReactNode;
-    clientId: string;
-    redirectUrl?: string;
-    nonce?: string;
-    config?: Config;
-    onSignIn?: (error?: Error) => void;
-    onSignOut?: () => void;
-};
 
-type UserContextType<T extends Record<string, unknown> & JWT["payload"] = Record<string, unknown> & JWT["payload"]> = {
+type UserContextType$1<T extends Record<string, unknown> & JWT["payload"] = Record<string, unknown> & JWT["payload"]> = {
     user: User<T> | null;
-    isLoading: boolean;
-    error: Error | null;
-    refetch: () => void;
-} & AuthContextType;
+} & Omit<AuthContextType, "isAuthenticated">;
 
 type TokenContextType = {
     accessToken: string | null;
@@ -36,31 +25,78 @@ type TokenContextType = {
     error: Error | null;
 };
 
-type ParamsProviderProps = {
+interface PKCEConsumer {
+    getCodeChallenge(): Promise<string>;
+}
+
+type AuthProviderProps = {
     children: ReactNode;
     clientId: string;
     redirectUrl?: string;
     nonce?: string;
     config?: Config;
+    onSignIn?: (error?: Error) => void;
+    onSignOut?: () => void;
+    pkceConsumer?: PKCEConsumer;
+    modalIframe?: boolean;
+};
+
+type SessionProviderOutput = SessionData & {
+    iframeRef: RefObject<HTMLIFrameElement> | null;
+    setAuthResponseUrl: Dispatch<SetStateAction<string | null>>;
 };
-type ParamsContextType = Omit<ParamsProviderProps, "children">;
 
-type CivicProviderProps = AuthProviderProps;
-declare const CivicProvider: ({ children, ...props }: CivicProviderProps) => react_jsx_runtime.JSX.Element;
+type CivicAuthProviderProps = Omit<AuthProviderProps, "pkceConsumer">;
+declare const CivicAuthProvider: ({ children, ...props }: CivicAuthProviderProps) => react_jsx_runtime.JSX.Element;
 
-declare const useUser: <T extends Record<string, unknown> = Record<string, never>>() => UserContextType<T>;
+type UserContextType = {
+    user: User<UnknownObject> | null;
+};
+type NextCivicAuthProviderProps = Omit<AuthProviderProps, "clientId">;
+declare const CivicNextAuthProvider: ({ children, ...props }: NextCivicAuthProviderProps) => react_jsx_runtime.JSX.Element;
+declare const useNextUser: () => UserContextType;
+
+declare const useUser: <T extends Record<string, unknown> = Record<string, never>>() => UserContextType$1<T>;
+
+declare const useUserCookie: () => any;
 
 declare const useToken: () => TokenContextType;
 
 declare const useAuth: () => AuthContextType;
 
-declare const useParams: () => ParamsContextType;
+declare const useSession: () => SessionProviderOutput;
+
+type ConfigProviderOutput = {
+    config: Config;
+    redirectUrl: string;
+    modalIframe: boolean;
+    serverTokenExchange: boolean;
+};
 
-declare const useSession: () => SessionData;
+declare const useConfig: () => ConfigProviderOutput;
+
+type CivicAuthIframeContainerProps = {
+    onClose?: () => void;
+    closeOnRedirect?: boolean;
+};
+declare const CivicAuthIframeContainer: ({ onClose, closeOnRedirect, }: CivicAuthIframeContainerProps) => react_jsx_runtime.JSX.Element;
 
 declare const UserButton: ({ displayMode, className, }: {
     displayMode?: DisplayMode;
     className?: string;
 }) => react_jsx_runtime.JSX.Element;
 
-export { type AuthContextType, CivicProvider, type ParamsContextType, type TokenContextType, UserButton, type UserContextType, useAuth, useParams, useSession, useToken, useUser };
+declare const SignInButton: ({ displayMode, className, }: {
+    displayMode?: DisplayMode;
+    className?: string;
+}) => react_jsx_runtime.JSX.Element;
+
+declare const SignOutButton: ({ className }: {
+    className?: string;
+}) => react_jsx_runtime.JSX.Element;
+
+declare const NextLogOut: ({ children }: {
+    children: ReactNode;
+}) => react_jsx_runtime.JSX.Element;
+
+export { type AuthContextType, CivicAuthIframeContainer, CivicAuthProvider, type CivicAuthProviderProps, CivicNextAuthProvider, type NextCivicAuthProviderProps, NextLogOut, SignInButton, SignOutButton, type TokenContextType, UserButton, type UserContextType$1 as UserContextType, useAuth, useConfig, useNextUser, useSession, useToken, useUser, useUserCookie };