@civic/auth 0.0.1-beta.2 → 0.0.1-beta.20

package/dist/nextjs/client.mjs

@@ -0,0 +1,179 @@
+import "../chunk-PMJAV4JJ.mjs";
+import {
+  AuthProvider,
+  UserProvider
+} from "../chunk-UADVRCHY.mjs";
+import {
+  NextjsClientStorage,
+  resolveCallbackUrl
+} from "../chunk-BFESCRFK.mjs";
+import {
+  resolveAuthConfig
+} from "../chunk-X3FQBE22.mjs";
+import "../chunk-HTTTZ2BP.mjs";
+import {
+  ConfidentialClientPKCEConsumer
+} from "../chunk-CBQ3HKRV.mjs";
+import {
+  __async,
+  __objRest,
+  __spreadProps,
+  __spreadValues
+} from "../chunk-RGHW4PYM.mjs";
+
+// src/nextjs/providers/NextAuthProvider.tsx
+import { useEffect as useEffect3, useState } from "react";
+import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
+
+// src/nextjs/hooks/useUserCookie.ts
+import { useEffect, useRef } from "react";
+import { useRouter } from "next/navigation.js";
+import { useQuery } from "@tanstack/react-query";
+
+// src/lib/cookies.ts
+var getWindowCookieValue = ({
+  key,
+  window: window2,
+  parseJson = false
+}) => {
+  const cookie = window2.document.cookie;
+  if (!cookie) return null;
+  const cookies = cookie.split(";");
+  for (const c of cookies) {
+    const [name, value] = c.trim().split("=");
+    if (value && name === key) {
+      try {
+        const decodeURIComponentValue = decodeURIComponent(value);
+        return parseJson === true ? JSON.parse(decodeURIComponentValue) : decodeURIComponentValue;
+      } catch (e) {
+        return value;
+      }
+    }
+  }
+  return null;
+};
+
+// src/nextjs/hooks/useUserCookie.ts
+var getUserFromCookie = () => {
+  const userCookie = getWindowCookieValue({
+    key: "user" /* USER */,
+    window: globalThis.window,
+    parseJson: true
+  });
+  return userCookie;
+};
+var useUserCookie = () => {
+  const hasRunRef = useRef(false);
+  const router = useRouter();
+  const { data: user } = useQuery({
+    queryKey: ["user"],
+    queryFn: () => getUserFromCookie(),
+    refetchInterval: 2e3,
+    refetchIntervalInBackground: true,
+    enabled: !hasRunRef.current,
+    refetchOnWindowFocus: true
+  });
+  useEffect(() => {
+    if (user) {
+      if (!hasRunRef.current) {
+        hasRunRef.current = true;
+        router.refresh();
+      }
+    } else {
+      hasRunRef.current = false;
+    }
+  }, [user, router]);
+  return user != null ? user : null;
+};
+
+// src/nextjs/hooks/useTokenCookie.ts
+import { useEffect as useEffect2, useRef as useRef2 } from "react";
+import { useRouter as useRouter2 } from "next/navigation.js";
+import { useQuery as useQuery2 } from "@tanstack/react-query";
+var getTokenFromCookie = (tokenName) => {
+  return getWindowCookieValue({
+    key: tokenName,
+    window: globalThis.window,
+    parseJson: false
+  });
+};
+var useTokenCookie = (tokenName) => {
+  const hasRunRef = useRef2(false);
+  const router = useRouter2();
+  const { data: token } = useQuery2({
+    queryKey: ["token", tokenName],
+    queryFn: () => getTokenFromCookie(tokenName) || null,
+    refetchInterval: 2e3,
+    refetchIntervalInBackground: true,
+    enabled: !hasRunRef.current,
+    refetchOnWindowFocus: true
+  });
+  useEffect2(() => {
+    if (token) {
+      if (!hasRunRef.current) {
+        hasRunRef.current = true;
+        router.refresh();
+      }
+    } else {
+      hasRunRef.current = false;
+    }
+  }, [token, router]);
+  return token != null ? token : null;
+};
+
+// src/nextjs/providers/NextAuthProvider.tsx
+import { jsx } from "react/jsx-runtime";
+var queryClient = new QueryClient();
+var CivicNextAuthProvider = (_a) => {
+  var _b = _a, {
+    children
+  } = _b, props = __objRest(_b, [
+    "children"
+  ]);
+  const [redirectUrl, setRedirectUrl] = useState("");
+  const resolvedConfig = resolveAuthConfig();
+  const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } = resolvedConfig;
+  useEffect3(() => {
+    if (typeof globalThis.window !== "undefined") {
+      const currentUrl = globalThis.window.location.href;
+      setRedirectUrl(resolveCallbackUrl(resolvedConfig, currentUrl));
+    }
+  }, [callbackUrl, resolvedConfig]);
+  const user = useUserCookie();
+  const idToken = useTokenCookie("id_token" /* ID_TOKEN */);
+  const combinedUser = user ? __spreadProps(__spreadValues({}, user || {}), { idToken }) : null;
+  const sessionData = __spreadValues({
+    authenticated: !!user
+  }, idToken ? { idToken } : {});
+  const signOut = () => __async(void 0, null, function* () {
+    if (props.onSignOut) {
+      yield props.onSignOut();
+    }
+    window.location.href = logoutUrl;
+    return;
+  });
+  return /* @__PURE__ */ jsx(QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ jsx(
+    AuthProvider,
+    __spreadProps(__spreadValues({}, props), {
+      redirectUrl,
+      config: { oauthServer },
+      clientId,
+      pkceConsumer: new ConfidentialClientPKCEConsumer(challengeUrl),
+      sessionData,
+      children: /* @__PURE__ */ jsx(
+        UserProvider,
+        {
+          storage: new NextjsClientStorage(),
+          user: combinedUser,
+          signOut,
+          children
+        }
+      )
+    })
+  ) });
+};
+export {
+  CivicNextAuthProvider as CivicAuthProvider,
+  useUserCookie
+};
+//# sourceMappingURL=client.mjs.map

package/dist/nextjs/client.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/nextjs/providers/NextAuthProvider.tsx","../../src/nextjs/hooks/useUserCookie.ts","../../src/lib/cookies.ts","../../src/nextjs/hooks/useTokenCookie.ts"],"sourcesContent":["\"use client\";\n/**\n * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport { useEffect, useState } from \"react\";\nimport { AuthProvider, AuthProviderProps } from \"@/shared/AuthProvider.js\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\n\n// adding the styles import here to be added to the bundle\nimport \"@/styles.css\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { UserProvider } from \"@/shared/UserProvider\";\nimport { useUserCookie } from \"../hooks/useUserCookie\";\nimport { OAuthTokens } from \"@/shared/types\";\nimport { useTokenCookie } from \"../hooks/useTokenCookie\";\nimport { User } from \"@/types\";\n\nconst queryClient = new QueryClient();\n\nexport type NextCivicAuthProviderProps = Omit<AuthProviderProps, \"clientId\">;\n\nexport const CivicNextAuthProvider = ({\n  children,\n  ...props\n}: NextCivicAuthProviderProps) => {\n  const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n  const resolvedConfig = resolveAuthConfig();\n  const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } =\n    resolvedConfig;\n\n  useEffect(() => {\n    if (typeof globalThis.window !== \"undefined\") {\n      const currentUrl = globalThis.window.location.href;\n      setRedirectUrl(resolveCallbackUrl(resolvedConfig, currentUrl));\n    }\n  }, [callbackUrl, resolvedConfig]);\n\n  const user = useUserCookie();\n  const idToken = useTokenCookie(OAuthTokens.ID_TOKEN);\n  const combinedUser = user ? ({ ...(user || {}), idToken } as User) : null;\n  const sessionData = {\n    authenticated: !!user,\n    ...(idToken ? { idToken } : {}),\n  };\n  const signOut = async (): Promise<void> => {\n    if (props.onSignOut) {\n      await props.onSignOut();\n    }\n    window.location.href = logoutUrl;\n    return;\n  };\n  return (\n    <QueryClientProvider client={queryClient}>\n      <AuthProvider\n        {...props}\n        redirectUrl={redirectUrl}\n        config={{ oauthServer }}\n        clientId={clientId}\n        pkceConsumer={new ConfidentialClientPKCEConsumer(challengeUrl)}\n        sessionData={sessionData}\n      >\n        <UserProvider\n          storage={new NextjsClientStorage()}\n          user={combinedUser}\n          signOut={signOut}\n        >\n          {children}\n        </UserProvider>\n      </AuthProvider>\n    </QueryClientProvider>\n  );\n};\n","\"use client\";\nimport { useEffect, useRef } from \"react\";\nimport { useRouter } from \"next/navigation.js\";\nimport { useQuery } from \"@tanstack/react-query\";\nimport { getWindowCookieValue } from \"@/lib/cookies.js\";\nimport { EmptyObject, User } from \"@/types\";\nimport { UserStorage } from \"@/shared/types\";\n\nconst getUserFromCookie = () => {\n  const userCookie = getWindowCookieValue({\n    key: UserStorage.USER,\n    window: globalThis.window,\n    parseJson: true,\n  });\n  return userCookie;\n};\n\nexport const useUserCookie = <T extends EmptyObject>() => {\n  const hasRunRef = useRef(false);\n  const router = useRouter();\n\n  const { data: user } = useQuery({\n    queryKey: [\"user\"],\n    queryFn: () => getUserFromCookie() as User<T> | null,\n    refetchInterval: 2000,\n    refetchIntervalInBackground: true,\n    enabled: !hasRunRef.current,\n    refetchOnWindowFocus: true,\n  });\n\n  useEffect(() => {\n    if (user) {\n      if (!hasRunRef.current) {\n        hasRunRef.current = true;\n        router.refresh();\n      }\n    } else {\n      hasRunRef.current = false;\n    }\n  }, [user, router]);\n\n  return user ?? null;\n};\n","const getWindowCookieValue = ({\n  key,\n  window,\n  parseJson = false,\n}: {\n  key: string;\n  window: Window;\n  parseJson?: boolean;\n}) => {\n  const cookie = window.document.cookie;\n  if (!cookie) return null;\n  const cookies = cookie.split(\";\");\n  for (const c of cookies) {\n    const [name, value] = c.trim().split(\"=\");\n    if (value && name === key) {\n      try {\n        const decodeURIComponentValue = decodeURIComponent(value);\n        return parseJson === true\n          ? JSON.parse(decodeURIComponentValue)\n          : decodeURIComponentValue;\n      } catch {\n        return value;\n      }\n    }\n  }\n  return null;\n};\nexport { getWindowCookieValue };\n","\"use client\";\nimport { useEffect, useRef } from \"react\";\nimport { useRouter } from \"next/navigation.js\";\nimport { useQuery } from \"@tanstack/react-query\";\nimport { getWindowCookieValue } from \"@/lib/cookies.js\";\nimport { OAuthTokens } from \"@/shared/types\";\n\nconst getTokenFromCookie = (tokenName: OAuthTokens): string => {\n  return getWindowCookieValue({\n    key: tokenName,\n    window: globalThis.window,\n    parseJson: false,\n  });\n};\n\nexport const useTokenCookie = (tokenName: OAuthTokens): string | null => {\n  const hasRunRef = useRef(false);\n  const router = useRouter();\n\n  const { data: token } = useQuery({\n    queryKey: [\"token\", tokenName],\n    queryFn: () => getTokenFromCookie(tokenName) || null,\n    refetchInterval: 2000,\n    refetchIntervalInBackground: true,\n    enabled: !hasRunRef.current,\n    refetchOnWindowFocus: true,\n  });\n\n  useEffect(() => {\n    if (token) {\n      if (!hasRunRef.current) {\n        hasRunRef.current = true;\n        router.refresh();\n      }\n    } else {\n      hasRunRef.current = false;\n    }\n  }, [token, router]);\n\n  return token ?? null;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAIA,SAAS,aAAAA,YAAW,gBAAgB;AAEpC,SAAS,aAAa,2BAA2B;;;ACLjD,SAAS,WAAW,cAAc;AAClC,SAAS,iBAAiB;AAC1B,SAAS,gBAAgB;;;ACHzB,IAAM,uBAAuB,CAAC;AAAA,EAC5B;AAAA,EACA,QAAAC;AAAA,EACA,YAAY;AACd,MAIM;AACJ,QAAM,SAASA,QAAO,SAAS;AAC/B,MAAI,CAAC,OAAQ,QAAO;AACpB,QAAM,UAAU,OAAO,MAAM,GAAG;AAChC,aAAW,KAAK,SAAS;AACvB,UAAM,CAAC,MAAM,KAAK,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG;AACxC,QAAI,SAAS,SAAS,KAAK;AACzB,UAAI;AACF,cAAM,0BAA0B,mBAAmB,KAAK;AACxD,eAAO,cAAc,OACjB,KAAK,MAAM,uBAAuB,IAClC;AAAA,MACN,SAAQ;AACN,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;ADlBA,IAAM,oBAAoB,MAAM;AAC9B,QAAM,aAAa,qBAAqB;AAAA,IACtC;AAAA,IACA,QAAQ,WAAW;AAAA,IACnB,WAAW;AAAA,EACb,CAAC;AACD,SAAO;AACT;AAEO,IAAM,gBAAgB,MAA6B;AACxD,QAAM,YAAY,OAAO,KAAK;AAC9B,QAAM,SAAS,UAAU;AAEzB,QAAM,EAAE,MAAM,KAAK,IAAI,SAAS;AAAA,IAC9B,UAAU,CAAC,MAAM;AAAA,IACjB,SAAS,MAAM,kBAAkB;AAAA,IACjC,iBAAiB;AAAA,IACjB,6BAA6B;AAAA,IAC7B,SAAS,CAAC,UAAU;AAAA,IACpB,sBAAsB;AAAA,EACxB,CAAC;AAED,YAAU,MAAM;AACd,QAAI,MAAM;AACR,UAAI,CAAC,UAAU,SAAS;AACtB,kBAAU,UAAU;AACpB,eAAO,QAAQ;AAAA,MACjB;AAAA,IACF,OAAO;AACL,gBAAU,UAAU;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,MAAM,MAAM,CAAC;AAEjB,SAAO,sBAAQ;AACjB;;;AEzCA,SAAS,aAAAC,YAAW,UAAAC,eAAc;AAClC,SAAS,aAAAC,kBAAiB;AAC1B,SAAS,YAAAC,iBAAgB;AAIzB,IAAM,qBAAqB,CAAC,cAAmC;AAC7D,SAAO,qBAAqB;AAAA,IAC1B,KAAK;AAAA,IACL,QAAQ,WAAW;AAAA,IACnB,WAAW;AAAA,EACb,CAAC;AACH;AAEO,IAAM,iBAAiB,CAAC,cAA0C;AACvE,QAAM,YAAYC,QAAO,KAAK;AAC9B,QAAM,SAASC,WAAU;AAEzB,QAAM,EAAE,MAAM,MAAM,IAAIC,UAAS;AAAA,IAC/B,UAAU,CAAC,SAAS,SAAS;AAAA,IAC7B,SAAS,MAAM,mBAAmB,SAAS,KAAK;AAAA,IAChD,iBAAiB;AAAA,IACjB,6BAA6B;AAAA,IAC7B,SAAS,CAAC,UAAU;AAAA,IACpB,sBAAsB;AAAA,EACxB,CAAC;AAED,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO;AACT,UAAI,CAAC,UAAU,SAAS;AACtB,kBAAU,UAAU;AACpB,eAAO,QAAQ;AAAA,MACjB;AAAA,IACF,OAAO;AACL,gBAAU,UAAU;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,OAAO,MAAM,CAAC;AAElB,SAAO,wBAAS;AAClB;;;AHwBQ;AA5CR,IAAM,cAAc,IAAI,YAAY;AAI7B,IAAM,wBAAwB,CAAC,OAGJ;AAHI,eACpC;AAAA;AAAA,EAzBF,IAwBsC,IAEjC,kBAFiC,IAEjC;AAAA,IADH;AAAA;AAGA,QAAM,CAAC,aAAa,cAAc,IAAI,SAAiB,EAAE;AACzD,QAAM,iBAAiB,kBAAkB;AACzC,QAAM,EAAE,UAAU,aAAa,aAAa,cAAc,UAAU,IAClE;AAEF,EAAAC,WAAU,MAAM;AACd,QAAI,OAAO,WAAW,WAAW,aAAa;AAC5C,YAAM,aAAa,WAAW,OAAO,SAAS;AAC9C,qBAAe,mBAAmB,gBAAgB,UAAU,CAAC;AAAA,IAC/D;AAAA,EACF,GAAG,CAAC,aAAa,cAAc,CAAC;AAEhC,QAAM,OAAO,cAAc;AAC3B,QAAM,UAAU,wCAAmC;AACnD,QAAM,eAAe,OAAQ,iCAAM,QAAQ,CAAC,IAAf,EAAmB,QAAQ,KAAa;AACrE,QAAM,cAAc;AAAA,IAClB,eAAe,CAAC,CAAC;AAAA,KACb,UAAU,EAAE,QAAQ,IAAI,CAAC;AAE/B,QAAM,UAAU,MAA2B;AACzC,QAAI,MAAM,WAAW;AACnB,YAAM,MAAM,UAAU;AAAA,IACxB;AACA,WAAO,SAAS,OAAO;AACvB;AAAA,EACF;AACA,SACE,oBAAC,uBAAoB,QAAQ,aAC3B;AAAA,IAAC;AAAA,qCACK,QADL;AAAA,MAEC;AAAA,MACA,QAAQ,EAAE,YAAY;AAAA,MACtB;AAAA,MACA,cAAc,IAAI,+BAA+B,YAAY;AAAA,MAC7D;AAAA,MAEA;AAAA,QAAC;AAAA;AAAA,UACC,SAAS,IAAI,oBAAoB;AAAA,UACjC,MAAM;AAAA,UACN;AAAA,UAEC;AAAA;AAAA,MACH;AAAA;AAAA,EACF,GACF;AAEJ;","names":["useEffect","window","useEffect","useRef","useRouter","useQuery","useRef","useRouter","useQuery","useEffect","useEffect"]}

package/dist/nextjs.d.mts

@@ -2,33 +2,55 @@ import * as next_dist_shared_lib_image_config from 'next/dist/shared/lib/image-c
 import * as next_dist_lib_load_custom_routes from 'next/dist/lib/load-custom-routes';
 import * as next_dist_server_config_shared from 'next/dist/server/config-shared';
 import { NextConfig } from 'next';
-import { U as User, a as UnknownObject } from './index-DoDoIY_K.mjs';
+import { T as TokensCookieConfig, a as CookieConfig, O as OAuthTokens, C as CodeVerifier } from './types-Bqm9OCZN.mjs';
+import { U as User, S as SessionData, a as UnknownObject } from './types-HdCjGldB.mjs';
 import { NextRequest, NextResponse } from 'next/server.js';
+import { NextResponse as NextResponse$1 } from 'next/server';
+import { C as CookieStorage, a as CookieStorageSettings } from './storage-BJPUpxhm.mjs';
 import 'oslo/oauth2';
-import 'oslo/jwt';
 
-interface CookieConfig {
-    secure?: boolean;
-    sameSite?: "strict" | "lax" | "none";
-    domain?: string;
-    path?: string;
-    maxAge?: number;
-}
+type CookiesConfigObject = {
+    tokens: TokensCookieConfig;
+    user: CookieConfig;
+};
 type AuthConfigWithDefaults = {
     clientId: string;
     oauthServer: string;
     callbackUrl: string;
     loginUrl: string;
     logoutUrl: string;
+    appUrl?: string;
     challengeUrl: string;
     include: string[];
     exclude: string[];
-    cookies: {
-        tokens: CookieConfig;
-        user: CookieConfig;
-    };
+    cookies: CookiesConfigObject;
 };
 type AuthConfig = Partial<AuthConfigWithDefaults>;
+type DefinedAuthConfig = AuthConfigWithDefaults;
+/**
+ * Default configuration values that will be used if not overridden
+ */
+declare const defaultAuthConfig: Omit<AuthConfigWithDefaults, "clientId">;
+/**
+ * Resolves the authentication configuration by combining:
+ * 1. Default values
+ * 2. Environment variables (set internally by the plugin)
+ * 3. Explicitly passed configuration
+ *
+ * Note: Developers should not set _civic_auth_* environment variables directly.
+ * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   callbackUrl: '/custom/callback',
+ * })
+ * ```
+ */
+declare const resolveAuthConfig: (config?: AuthConfig) => AuthConfigWithDefaults & {
+    clientId: string;
+};
 /**
  * Creates a Next.js plugin that handles auth configuration.
  *
@@ -60,6 +82,7 @@ declare const createCivicAuthPlugin: (clientId: string, authConfig?: AuthConfig)
         _civic_auth_challenge_url: string;
         _civic_auth_login_url: string;
         _civic_auth_logout_url: string;
+        _civic_auth_app_url: string | undefined;
         _civic_auth_includes: string;
         _civic_auth_excludes: string;
         _civic_auth_cookie_config: string;
@@ -166,7 +189,11 @@ declare const createCivicAuthPlugin: (clientId: string, authConfig?: AuthConfig)
     experimental?: next_dist_server_config_shared.ExperimentalConfig;
 };
 
-declare const getUser: () => User<UnknownObject> | null;
+/**
+ * Used on the server-side to get the user object from the cookie
+ */
+
+declare const getUser: () => User | null;
 
 type Middleware = (request: NextRequest) => Promise<NextResponse> | NextResponse;
 /**
@@ -216,4 +243,29 @@ declare function auth(authConfig?: AuthConfig): (middleware: Middleware) => ((re
  */
 declare const handler: (authConfig?: {}) => (request: NextRequest) => Promise<NextResponse>;
 
-export { auth, authMiddleware, createCivicAuthPlugin, getUser, handler, withAuth };
+/**
+ * Creates HTTP-only cookies for authentication tokens
+ */
+declare const createTokenCookies: (response: NextResponse$1, sessionData: SessionData, config: AuthConfig) => void;
+/**
+ * Creates a client-readable cookie with user info
+ */
+declare const createUserInfoCookie: (response: NextResponse$1, user: User<UnknownObject> | null, sessionData: SessionData, config: AuthConfig) => void;
+/**
+ * Clears all authentication cookies
+ */
+declare const clearAuthCookies: (config: AuthConfig) => Promise<void>;
+type KeySetter = OAuthTokens | CodeVerifier;
+declare class NextjsCookieStorage extends CookieStorage {
+    readonly config: Partial<TokensCookieConfig>;
+    constructor(config?: Partial<TokensCookieConfig>);
+    get(key: string): string | null;
+    set(key: KeySetter, value: string): void;
+}
+declare class NextjsClientStorage extends CookieStorage {
+    constructor(config?: Partial<CookieStorageSettings>);
+    get(key: string): string | null;
+    set(key: string, value: string): void;
+}
+
+export { type AuthConfig, type AuthConfigWithDefaults, type CookiesConfigObject, type DefinedAuthConfig, NextjsClientStorage, NextjsCookieStorage, auth, authMiddleware, clearAuthCookies, createCivicAuthPlugin, createTokenCookies, createUserInfoCookie, defaultAuthConfig, getUser, handler, resolveAuthConfig, withAuth };

package/dist/nextjs.d.ts

@@ -2,33 +2,55 @@ import * as next_dist_shared_lib_image_config from 'next/dist/shared/lib/image-c
 import * as next_dist_lib_load_custom_routes from 'next/dist/lib/load-custom-routes';
 import * as next_dist_server_config_shared from 'next/dist/server/config-shared';
 import { NextConfig } from 'next';
-import { U as User, a as UnknownObject } from './index-DoDoIY_K.js';
+import { T as TokensCookieConfig, a as CookieConfig, O as OAuthTokens, C as CodeVerifier } from './types-Bqm9OCZN.js';
+import { U as User, S as SessionData, a as UnknownObject } from './types-HdCjGldB.js';
 import { NextRequest, NextResponse } from 'next/server.js';
+import { NextResponse as NextResponse$1 } from 'next/server';
+import { C as CookieStorage, a as CookieStorageSettings } from './storage-B2eAQNdv.js';
 import 'oslo/oauth2';
-import 'oslo/jwt';
 
-interface CookieConfig {
-    secure?: boolean;
-    sameSite?: "strict" | "lax" | "none";
-    domain?: string;
-    path?: string;
-    maxAge?: number;
-}
+type CookiesConfigObject = {
+    tokens: TokensCookieConfig;
+    user: CookieConfig;
+};
 type AuthConfigWithDefaults = {
     clientId: string;
     oauthServer: string;
     callbackUrl: string;
     loginUrl: string;
     logoutUrl: string;
+    appUrl?: string;
     challengeUrl: string;
     include: string[];
     exclude: string[];
-    cookies: {
-        tokens: CookieConfig;
-        user: CookieConfig;
-    };
+    cookies: CookiesConfigObject;
 };
 type AuthConfig = Partial<AuthConfigWithDefaults>;
+type DefinedAuthConfig = AuthConfigWithDefaults;
+/**
+ * Default configuration values that will be used if not overridden
+ */
+declare const defaultAuthConfig: Omit<AuthConfigWithDefaults, "clientId">;
+/**
+ * Resolves the authentication configuration by combining:
+ * 1. Default values
+ * 2. Environment variables (set internally by the plugin)
+ * 3. Explicitly passed configuration
+ *
+ * Note: Developers should not set _civic_auth_* environment variables directly.
+ * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   callbackUrl: '/custom/callback',
+ * })
+ * ```
+ */
+declare const resolveAuthConfig: (config?: AuthConfig) => AuthConfigWithDefaults & {
+    clientId: string;
+};
 /**
  * Creates a Next.js plugin that handles auth configuration.
  *
@@ -60,6 +82,7 @@ declare const createCivicAuthPlugin: (clientId: string, authConfig?: AuthConfig)
         _civic_auth_challenge_url: string;
         _civic_auth_login_url: string;
         _civic_auth_logout_url: string;
+        _civic_auth_app_url: string | undefined;
         _civic_auth_includes: string;
         _civic_auth_excludes: string;
         _civic_auth_cookie_config: string;
@@ -166,7 +189,11 @@ declare const createCivicAuthPlugin: (clientId: string, authConfig?: AuthConfig)
     experimental?: next_dist_server_config_shared.ExperimentalConfig;
 };
 
-declare const getUser: () => User<UnknownObject> | null;
+/**
+ * Used on the server-side to get the user object from the cookie
+ */
+
+declare const getUser: () => User | null;
 
 type Middleware = (request: NextRequest) => Promise<NextResponse> | NextResponse;
 /**
@@ -216,4 +243,29 @@ declare function auth(authConfig?: AuthConfig): (middleware: Middleware) => ((re
  */
 declare const handler: (authConfig?: {}) => (request: NextRequest) => Promise<NextResponse>;
 
-export { auth, authMiddleware, createCivicAuthPlugin, getUser, handler, withAuth };
+/**
+ * Creates HTTP-only cookies for authentication tokens
+ */
+declare const createTokenCookies: (response: NextResponse$1, sessionData: SessionData, config: AuthConfig) => void;
+/**
+ * Creates a client-readable cookie with user info
+ */
+declare const createUserInfoCookie: (response: NextResponse$1, user: User<UnknownObject> | null, sessionData: SessionData, config: AuthConfig) => void;
+/**
+ * Clears all authentication cookies
+ */
+declare const clearAuthCookies: (config: AuthConfig) => Promise<void>;
+type KeySetter = OAuthTokens | CodeVerifier;
+declare class NextjsCookieStorage extends CookieStorage {
+    readonly config: Partial<TokensCookieConfig>;
+    constructor(config?: Partial<TokensCookieConfig>);
+    get(key: string): string | null;
+    set(key: KeySetter, value: string): void;
+}
+declare class NextjsClientStorage extends CookieStorage {
+    constructor(config?: Partial<CookieStorageSettings>);
+    get(key: string): string | null;
+    set(key: string, value: string): void;
+}
+
+export { type AuthConfig, type AuthConfigWithDefaults, type CookiesConfigObject, type DefinedAuthConfig, NextjsClientStorage, NextjsCookieStorage, auth, authMiddleware, clearAuthCookies, createCivicAuthPlugin, createTokenCookies, createUserInfoCookie, defaultAuthConfig, getUser, handler, resolveAuthConfig, withAuth };