@civic/auth 0.0.1-beta.23 → 0.0.1-beta.25

package/dist/AuthProvider-BBetpl_s.d.mts

@@ -0,0 +1,21 @@
+import { ReactNode } from 'react';
+import { C as Config, S as SessionData } from './types-BxAubCqO.mjs';
+
+interface PKCEConsumer {
+    getCodeChallenge(): Promise<string>;
+}
+
+type AuthProviderProps = {
+    children: ReactNode;
+    clientId: string;
+    redirectUrl?: string;
+    nonce?: string;
+    config?: Config;
+    onSignIn?: (error?: Error) => void;
+    onSignOut?: () => Promise<void>;
+    pkceConsumer?: PKCEConsumer;
+    modalIframe?: boolean;
+    sessionData?: SessionData;
+};
+
+export type { AuthProviderProps as A };

package/dist/AuthProvider-BYZ8w92b.d.mts

@@ -0,0 +1,15 @@
+import { ReactNode } from 'react';
+import { C as Config } from './types-BxAubCqO.mjs';
+
+type AuthProviderProps = {
+    children: ReactNode;
+    clientId: string;
+    nonce?: string;
+    onSignIn?: (error?: Error) => void;
+    onSignOut?: () => Promise<void>;
+    modalIframe?: boolean;
+    config?: Config;
+    redirectUrl?: string;
+};
+
+export type { AuthProviderProps as A };

package/dist/AuthProvider-BgOwv9h8.d.ts

@@ -0,0 +1,15 @@
+import { ReactNode } from 'react';
+import { C as Config } from './types-BxAubCqO.js';
+
+type AuthProviderProps = {
+    children: ReactNode;
+    clientId: string;
+    nonce?: string;
+    onSignIn?: (error?: Error) => void;
+    onSignOut?: () => Promise<void>;
+    modalIframe?: boolean;
+    config?: Config;
+    redirectUrl?: string;
+};
+
+export type { AuthProviderProps as A };

package/dist/AuthProvider-D_kReUi0.d.ts

@@ -0,0 +1,21 @@
+import { ReactNode } from 'react';
+import { C as Config, S as SessionData } from './types-BxAubCqO.js';
+
+interface PKCEConsumer {
+    getCodeChallenge(): Promise<string>;
+}
+
+type AuthProviderProps = {
+    children: ReactNode;
+    clientId: string;
+    redirectUrl?: string;
+    nonce?: string;
+    config?: Config;
+    onSignIn?: (error?: Error) => void;
+    onSignOut?: () => Promise<void>;
+    pkceConsumer?: PKCEConsumer;
+    modalIframe?: boolean;
+    sessionData?: SessionData;
+};
+
+export type { AuthProviderProps as A };

package/dist/UserProvider-BA2uflVB.d.ts

@@ -0,0 +1,16 @@
+import { JWT } from 'oslo/jwt';
+import { D as DisplayMode, U as User } from './types-BxAubCqO.js';
+
+type AuthContextType = {
+    signIn: (displayMode?: DisplayMode) => Promise<void>;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    error: Error | null;
+    signOut: () => Promise<void>;
+};
+
+type UserContextType<T extends Record<string, unknown> & JWT["payload"] = Record<string, unknown> & JWT["payload"]> = {
+    user: User<T> | null;
+} & Omit<AuthContextType, "isAuthenticated">;
+
+export type { AuthContextType as A, UserContextType as U };

package/dist/UserProvider-Bl3j1PUO.d.mts

@@ -0,0 +1,16 @@
+import { JWT } from 'oslo/jwt';
+import { D as DisplayMode, U as User } from './types-BxAubCqO.mjs';
+
+type AuthContextType = {
+    signIn: (displayMode?: DisplayMode) => Promise<void>;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    error: Error | null;
+    signOut: () => Promise<void>;
+};
+
+type UserContextType<T extends Record<string, unknown> & JWT["payload"] = Record<string, unknown> & JWT["payload"]> = {
+    user: User<T> | null;
+} & Omit<AuthContextType, "isAuthenticated">;
+
+export type { AuthContextType as A, UserContextType as U };

package/dist/chunk-2OZJONNO.js

@@ -0,0 +1,172 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+
+var _chunk7K3QN2ATjs = require('./chunk-7K3QN2AT.js');
+
+
+
+var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
+
+// src/lib/logger.ts
+var _debug = require('debug'); var _debug2 = _interopRequireDefault(_debug);
+var PACKAGE_NAME = "@civic/auth";
+var DebugLogger = class {
+  constructor(namespace) {
+    this.debugLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:debug`);
+    this.infoLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:info`);
+    this.warnLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:warn`);
+    this.errorLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:error`);
+    this.debugLogger.color = "4";
+    this.infoLogger.color = "2";
+    this.warnLogger.color = "3";
+    this.errorLogger.color = "1";
+  }
+  debug(message, ...args) {
+    this.debugLogger(message, ...args);
+  }
+  info(message, ...args) {
+    this.infoLogger(message, ...args);
+  }
+  warn(message, ...args) {
+    this.warnLogger(message, ...args);
+  }
+  error(message, ...args) {
+    this.errorLogger(message, ...args);
+  }
+};
+var createLogger = (namespace) => new DebugLogger(namespace);
+var loggers = {
+  // Next.js specific loggers
+  nextjs: {
+    routes: createLogger("api:routes"),
+    middleware: createLogger("api:middleware"),
+    handlers: {
+      auth: createLogger("api:handlers:auth")
+    }
+  },
+  // React specific loggers
+  react: {
+    components: createLogger("react:components"),
+    hooks: createLogger("react:hooks"),
+    context: createLogger("react:context")
+  },
+  // Shared utilities loggers
+  services: {
+    validation: createLogger("utils:validation"),
+    network: createLogger("utils:network")
+  }
+};
+
+// src/nextjs/config.ts
+var logger = loggers.nextjs.handlers.auth;
+var _a;
+var appUrl = typeof process !== "undefined" ? ((_a = process == null ? void 0 : process.env) == null ? void 0 : _a.NEXT_PUBLIC_APP_URL) || "" : "";
+var defaultServerSecure = !appUrl.startsWith("http://localhost");
+var defaultAuthConfig = {
+  oauthServer: _chunk7K3QN2ATjs.DEFAULT_AUTH_SERVER,
+  callbackUrl: "/api/auth/callback",
+  challengeUrl: "/api/auth/challenge",
+  logoutUrl: "/api/auth/logout",
+  loginUrl: "/",
+  include: ["/*"],
+  exclude: [],
+  cookies: {
+    tokens: {
+      ["id_token" /* ID_TOKEN */]: {
+        secure: defaultServerSecure,
+        httpOnly: true,
+        sameSite: "strict",
+        path: "/"
+      },
+      ["access_token" /* ACCESS_TOKEN */]: {
+        secure: defaultServerSecure,
+        httpOnly: true,
+        sameSite: "strict",
+        path: "/"
+      },
+      ["refresh_token" /* REFRESH_TOKEN */]: {
+        secure: defaultServerSecure,
+        httpOnly: true,
+        sameSite: "strict",
+        path: "/"
+      },
+      ["code_verifier" /* COOKIE_NAME */]: {
+        secure: defaultServerSecure,
+        httpOnly: true,
+        sameSite: "strict",
+        path: "/"
+      }
+    },
+    user: {
+      secure: defaultServerSecure,
+      httpOnly: false,
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    }
+  }
+};
+var resolveAuthConfig = (config = {}) => {
+  var _a2, _b, _c, _d, _e, _f;
+  const configFromEnv = _chunk7K3QN2ATjs.withoutUndefined.call(void 0, {
+    clientId: process.env._civic_auth_client_id,
+    oauthServer: process.env._civic_oauth_server,
+    callbackUrl: process.env._civic_auth_callback_url,
+    challengeUrl: process.env._civic_auth_challenge_url,
+    loginUrl: process.env._civic_auth_login_url,
+    appUrl: process.env._civic_auth_app_url,
+    logoutUrl: process.env._civic_auth_logout_url,
+    include: (_a2 = process.env._civic_auth_includes) == null ? void 0 : _a2.split(","),
+    exclude: (_b = process.env._civic_auth_excludes) == null ? void 0 : _b.split(","),
+    cookies: process.env._civic_auth_cookie_config ? JSON.parse(process.env._civic_auth_cookie_config) : void 0
+  });
+  const mergedConfig = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig), configFromEnv), config), {
+    // Override with directly passed config
+    cookies: {
+      tokens: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.tokens), ((_c = configFromEnv == null ? void 0 : configFromEnv.cookies) == null ? void 0 : _c.tokens) || {}), ((_d = config.cookies) == null ? void 0 : _d.tokens) || {}),
+      user: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.user), ((_e = configFromEnv == null ? void 0 : configFromEnv.cookies) == null ? void 0 : _e.user) || {}), ((_f = config.cookies) == null ? void 0 : _f.user) || {})
+    }
+  });
+  logger.debug(
+    "Config from environment:",
+    JSON.stringify(configFromEnv, null, 2)
+  );
+  logger.debug("Resolved config:", JSON.stringify(mergedConfig, null, 2));
+  if (mergedConfig.clientId === void 0) {
+    throw new Error("Civic Auth client ID is required");
+  }
+  return mergedConfig;
+};
+var createCivicAuthPlugin = (authConfig) => {
+  return (nextConfig) => {
+    logger.debug(
+      "createCivicAuthPlugin nextConfig",
+      JSON.stringify(nextConfig, null, 2)
+    );
+    const resolvedConfig = resolveAuthConfig(_chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, authConfig));
+    return _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, nextConfig), {
+      env: _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, nextConfig == null ? void 0 : nextConfig.env), {
+        // Internal environment variables - do not set these manually
+        _civic_auth_client_id: resolvedConfig.clientId,
+        _civic_oauth_server: resolvedConfig.oauthServer,
+        _civic_auth_callback_url: resolvedConfig.callbackUrl,
+        _civic_auth_challenge_url: resolvedConfig.challengeUrl,
+        _civic_auth_login_url: resolvedConfig.loginUrl,
+        _civic_auth_logout_url: resolvedConfig.logoutUrl,
+        _civic_auth_app_url: resolvedConfig.appUrl,
+        _civic_auth_includes: resolvedConfig.include.join(","),
+        _civic_auth_excludes: resolvedConfig.exclude.join(","),
+        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies)
+      })
+    });
+  };
+};
+
+
+
+
+
+
+exports.loggers = loggers; exports.defaultAuthConfig = defaultAuthConfig; exports.resolveAuthConfig = resolveAuthConfig; exports.createCivicAuthPlugin = createCivicAuthPlugin;
+//# sourceMappingURL=chunk-2OZJONNO.js.map

package/dist/chunk-2OZJONNO.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-2OZJONNO.js","../src/lib/logger.ts","../src/nextjs/config.ts"],"names":[],"mappings":"AAAA;AACE;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACF,sDAA4B;AAC5B;AACA;ACTA,4EAAkB;AAElB,IAAM,aAAA,EAAe,aAAA;AASrB,IAAM,YAAA,EAAN,MAAoC;AAAA,EAMlC,WAAA,CAAY,SAAA,EAAmB;AAE7B,IAAA,IAAA,CAAK,YAAA,EAAc,6BAAA,CAAM,EAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAEA,IAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AACF;AAE6B;AAIN;AAAA;AAEb,EAAA;AACe,IAAA;AACI,IAAA;AACf,IAAA;AACW,MAAA;AACrB,IAAA;AACF,EAAA;AAAA;AAEO,EAAA;AACoB,IAAA;AACL,IAAA;AACE,IAAA;AACxB,EAAA;AAAA;AAEU,EAAA;AACiB,IAAA;AACH,IAAA;AACxB,EAAA;AACF;ADb8B;AACA;AE/CA;AAZ9B;AAqCS;AACoB;AAK8C;AAC5D,EAAA;AACA,EAAA;AACC,EAAA;AACH,EAAA;AACD,EAAA;AACI,EAAA;AACJ,EAAA;AACD,EAAA;AACC,IAAA;AACN,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACF,IAAA;AACM,IAAA;AACI,MAAA;AACE,MAAA;AACA,MAAA;AACJ,MAAA;AACO,MAAA;AAAA;AACf,IAAA;AACF,EAAA;AACF;AAoBE;AA1GF,EAAA;AA6GwB,EAAA;AACE,IAAA;AACG,IAAA;AACA,IAAA;AACC,IAAA;AACJ,IAAA;AACF,IAAA;AACG,IAAA;AACN,IAAA;AACA,IAAA;AACI,IAAA;AAGtB,EAAA;AACoB,EAAA;AAAA;AAIV,IAAA;AACC,MAAA;AAKF,MAAA;AAKR,IAAA;AACF,EAAA;AAEO,EAAA;AACL,IAAA;AACe,IAAA;AACjB,EAAA;AACa,EAAA;AACI,EAAA;AACC,IAAA;AAClB,EAAA;AACO,EAAA;AACT;AA0BE;AAEoC,EAAA;AAC3B,IAAA;AACL,MAAA;AACe,MAAA;AACjB,IAAA;AACuB,IAAA;AAChB,IAAA;AAEA,MAAA;AAAA;AAGH,QAAA;AACqB,QAAA;AACrB,QAAA;AACA,QAAA;AACA,QAAA;AACA,QAAA;AACqB,QAAA;AACC,QAAA;AACA,QAAA;AACtB,QAAA;AACF,MAAA;AACF,IAAA;AACF,EAAA;AACF;AFtC8B;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-2OZJONNO.js","sourcesContent":[null,"import debug from \"debug\";\n\nconst PACKAGE_NAME = \"@civic/auth\";\n\nexport interface Logger {\n  debug(message: string, ...args: unknown[]): void;\n  info(message: string, ...args: unknown[]): void;\n  warn(message: string, ...args: unknown[]): void;\n  error(message: string, ...args: unknown[]): void;\n}\n\nclass DebugLogger implements Logger {\n  private debugLogger: debug.Debugger;\n  private infoLogger: debug.Debugger;\n  private warnLogger: debug.Debugger;\n  private errorLogger: debug.Debugger;\n\n  constructor(namespace: string) {\n    // Format: @org/package:library:component:level\n    this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);\n    this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);\n    this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);\n    this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);\n\n    this.debugLogger.color = \"4\";\n    this.infoLogger.color = \"2\";\n    this.warnLogger.color = \"3\";\n    this.errorLogger.color = \"1\";\n  }\n\n  debug(message: string, ...args: unknown[]): void {\n    this.debugLogger(message, ...args);\n  }\n\n  info(message: string, ...args: unknown[]): void {\n    this.infoLogger(message, ...args);\n  }\n\n  warn(message: string, ...args: unknown[]): void {\n    this.warnLogger(message, ...args);\n  }\n\n  error(message: string, ...args: unknown[]): void {\n    this.errorLogger(message, ...args);\n  }\n}\n\nexport const createLogger = (namespace: string): Logger =>\n  new DebugLogger(namespace);\n\n// Pre-configured loggers for different parts of your package\nexport const loggers = {\n  // Next.js specific loggers\n  nextjs: {\n    routes: createLogger(\"api:routes\"),\n    middleware: createLogger(\"api:middleware\"),\n    handlers: {\n      auth: createLogger(\"api:handlers:auth\"),\n    },\n  },\n  // React specific loggers\n  react: {\n    components: createLogger(\"react:components\"),\n    hooks: createLogger(\"react:hooks\"),\n    context: createLogger(\"react:context\"),\n  },\n  // Shared utilities loggers\n  services: {\n    validation: createLogger(\"utils:validation\"),\n    network: createLogger(\"utils:network\"),\n  },\n} as const;\n","/* eslint-disable turbo/no-undeclared-env-vars */\nimport { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger\";\nimport { withoutUndefined } from \"@/utils\";\nimport {\n  CodeVerifier,\n  CookieConfig,\n  OAuthTokens,\n  TokensCookieConfig,\n} from \"@/shared/types\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type CookiesConfigObject = {\n  tokens: TokensCookieConfig;\n  user: CookieConfig;\n};\n\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string;\n  loginUrl: string;\n  logoutUrl: string;\n  appUrl?: string;\n  challengeUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: CookiesConfigObject;\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\nconst appUrl =\n  typeof process !== \"undefined\" ? process?.env?.NEXT_PUBLIC_APP_URL || \"\" : \"\";\nconst defaultServerSecure = !appUrl.startsWith(\"http://localhost\");\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: DEFAULT_AUTH_SERVER,\n  callbackUrl: \"/api/auth/callback\",\n  challengeUrl: \"/api/auth/challenge\",\n  logoutUrl: \"/api/auth/logout\",\n  loginUrl: \"/\",\n  include: [\"/*\"],\n  exclude: [],\n  cookies: {\n    tokens: {\n      [OAuthTokens.ID_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.ACCESS_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.REFRESH_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [CodeVerifier.COOKIE_NAME]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n    },\n    user: {\n      secure: defaultServerSecure,\n      httpOnly: false,\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n  },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: AuthConfig = {},\n): AuthConfigWithDefaults => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    appUrl: process.env._civic_auth_app_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n  }) as AuthConfig;\n  const mergedConfig = {\n    ...defaultAuthConfig,\n    ...configFromEnv, // Apply plugin-set config\n    ...config, // Override with directly passed config\n    cookies: {\n      tokens: {\n        ...defaultAuthConfig.cookies.tokens,\n        ...(configFromEnv?.cookies?.tokens || {}),\n        ...(config.cookies?.tokens || {}),\n      },\n      user: {\n        ...defaultAuthConfig.cookies.user,\n        ...(configFromEnv?.cookies?.user || {}),\n        ...(config.cookies?.user || {}),\n      },\n    },\n  };\n\n  logger.debug(\n    \"Config from environment:\",\n    JSON.stringify(configFromEnv, null, 2),\n  );\n  logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n  authConfig: AuthConfig & Pick<Required<AuthConfig>, \"clientId\">,\n) => {\n  return (nextConfig?: NextConfig) => {\n    logger.debug(\n      \"createCivicAuthPlugin nextConfig\",\n      JSON.stringify(nextConfig, null, 2),\n    );\n    const resolvedConfig = resolveAuthConfig({ ...authConfig });\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: resolvedConfig.clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_app_url: resolvedConfig.appUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n      },\n    };\n  };\n};\n"]}

package/dist/chunk-2TDB4XWE.js

@@ -0,0 +1,277 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+var _chunk6RFRDWIPjs = require('./chunk-6RFRDWIP.js');
+
+
+
+
+
+var _chunk7K3QN2ATjs = require('./chunk-7K3QN2AT.js');
+
+
+
+
+var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
+
+// src/lib/logger.ts
+var _debug = require('debug'); var _debug2 = _interopRequireDefault(_debug);
+var PACKAGE_NAME = "@civic/auth";
+var DebugLogger = class {
+  constructor(namespace) {
+    this.debugLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:debug`);
+    this.infoLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:info`);
+    this.warnLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:warn`);
+    this.errorLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:error`);
+    this.debugLogger.color = "4";
+    this.infoLogger.color = "2";
+    this.warnLogger.color = "3";
+    this.errorLogger.color = "1";
+  }
+  debug(message, ...args) {
+    this.debugLogger(message, ...args);
+  }
+  info(message, ...args) {
+    this.infoLogger(message, ...args);
+  }
+  warn(message, ...args) {
+    this.warnLogger(message, ...args);
+  }
+  error(message, ...args) {
+    this.errorLogger(message, ...args);
+  }
+};
+var createLogger = (namespace) => new DebugLogger(namespace);
+var loggers = {
+  // Next.js specific loggers
+  nextjs: {
+    routes: createLogger("api:routes"),
+    middleware: createLogger("api:middleware"),
+    handlers: {
+      auth: createLogger("api:handlers:auth")
+    }
+  },
+  // React specific loggers
+  react: {
+    components: createLogger("react:components"),
+    hooks: createLogger("react:hooks"),
+    context: createLogger("react:context")
+  },
+  // Shared utilities loggers
+  services: {
+    validation: createLogger("utils:validation"),
+    network: createLogger("utils:network")
+  }
+};
+
+// src/nextjs/config.ts
+var logger = loggers.nextjs.handlers.auth;
+console.log(`process.env.NODE_ENV: ${process.env.NODE_ENV}`);
+var isDevelopment = process.env.NODE_ENV === "development";
+var defaultServerSecure = isDevelopment ? false : true;
+console.log(`defaultServerSecure: ${defaultServerSecure}`);
+var defaultAuthConfig = {
+  oauthServer: _chunk7K3QN2ATjs.DEFAULT_AUTH_SERVER,
+  callbackUrl: "/api/auth/callback",
+  challengeUrl: "/api/auth/challenge",
+  logoutUrl: "/api/auth/logout",
+  loginUrl: "/",
+  include: ["/*"],
+  exclude: [],
+  cookies: {
+    tokens: {
+      ["id_token" /* ID_TOKEN */]: {
+        secure: defaultServerSecure,
+        httpOnly: true,
+        sameSite: "strict",
+        path: "/"
+      },
+      ["access_token" /* ACCESS_TOKEN */]: {
+        secure: defaultServerSecure,
+        httpOnly: true,
+        sameSite: "strict",
+        path: "/"
+      },
+      ["refresh_token" /* REFRESH_TOKEN */]: {
+        secure: defaultServerSecure,
+        httpOnly: true,
+        sameSite: "strict",
+        path: "/"
+      },
+      ["code_verifier" /* COOKIE_NAME */]: {
+        secure: defaultServerSecure,
+        httpOnly: true,
+        sameSite: "strict",
+        path: "/"
+      }
+    },
+    user: {
+      secure: defaultServerSecure,
+      httpOnly: false,
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    }
+  }
+};
+var resolveAuthConfig = (config = {}) => {
+  var _a, _b, _c, _d, _e, _f;
+  const configFromEnv = _chunk7K3QN2ATjs.withoutUndefined.call(void 0, {
+    clientId: process.env._civic_auth_client_id,
+    oauthServer: process.env._civic_oauth_server,
+    callbackUrl: process.env._civic_auth_callback_url,
+    challengeUrl: process.env._civic_auth_challenge_url,
+    loginUrl: process.env._civic_auth_login_url,
+    logoutUrl: process.env._civic_auth_logout_url,
+    include: (_a = process.env._civic_auth_includes) == null ? void 0 : _a.split(","),
+    exclude: (_b = process.env._civic_auth_excludes) == null ? void 0 : _b.split(","),
+    cookies: process.env._civic_auth_cookie_config ? JSON.parse(process.env._civic_auth_cookie_config) : void 0
+  });
+  const mergedConfig = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig), configFromEnv), config), {
+    // Override with directly passed config
+    cookies: {
+      tokens: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.tokens), ((_c = configFromEnv == null ? void 0 : configFromEnv.cookies) == null ? void 0 : _c.tokens) || {}), ((_d = config.cookies) == null ? void 0 : _d.tokens) || {}),
+      user: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.user), ((_e = configFromEnv == null ? void 0 : configFromEnv.cookies) == null ? void 0 : _e.user) || {}), ((_f = config.cookies) == null ? void 0 : _f.user) || {})
+    }
+  });
+  logger.debug(
+    "Config from environment:",
+    JSON.stringify(configFromEnv, null, 2)
+  );
+  logger.debug("Resolved config:", JSON.stringify(mergedConfig, null, 2));
+  if (mergedConfig.clientId === void 0) {
+    throw new Error("Civic Auth client ID is required");
+  }
+  return mergedConfig;
+};
+var createCivicAuthPlugin = (authConfig) => {
+  return (nextConfig) => {
+    logger.debug(
+      "createCivicAuthPlugin nextConfig",
+      JSON.stringify(nextConfig, null, 2)
+    );
+    const resolvedConfig = resolveAuthConfig(_chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, authConfig));
+    return _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, nextConfig), {
+      env: _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, nextConfig == null ? void 0 : nextConfig.env), {
+        // Internal environment variables - do not set these manually
+        _civic_auth_client_id: resolvedConfig.clientId,
+        _civic_oauth_server: resolvedConfig.oauthServer,
+        _civic_auth_callback_url: resolvedConfig.callbackUrl,
+        _civic_auth_challenge_url: resolvedConfig.challengeUrl,
+        _civic_auth_login_url: resolvedConfig.loginUrl,
+        _civic_auth_logout_url: resolvedConfig.logoutUrl,
+        _civic_auth_includes: resolvedConfig.include.join(","),
+        _civic_auth_excludes: resolvedConfig.exclude.join(","),
+        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies)
+      })
+    });
+  };
+};
+
+// src/nextjs/cookies.ts
+var _headersjs = require('next/headers.js');
+var createTokenCookies = (response, sessionData, config) => {
+  var _a, _b;
+  const maxAge = (_a = sessionData.expiresIn) != null ? _a : 3600;
+  const cookieOptions = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, (_b = config.cookies) == null ? void 0 : _b.tokens), {
+    maxAge
+  });
+  if (sessionData.accessToken) {
+    response.cookies.set("access_token", sessionData.accessToken, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, cookieOptions), {
+      httpOnly: true
+    }));
+  }
+  if (sessionData.idToken) {
+    response.cookies.set("id_token", sessionData.idToken, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, cookieOptions), {
+      httpOnly: true
+    }));
+  }
+  if (sessionData.refreshToken) {
+    response.cookies.set("refresh_token", sessionData.refreshToken, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, cookieOptions), {
+      httpOnly: true
+    }));
+  }
+};
+var createUserInfoCookie = (response, user, sessionData, config) => {
+  var _a, _b, _c;
+  if (!user) {
+    response.cookies.set("user", "", _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, (_a = config.cookies) == null ? void 0 : _a.user), {
+      maxAge: 0
+    }));
+    return;
+  }
+  const maxAge = (_b = sessionData.expiresIn) != null ? _b : 3600;
+  const frontendUser = _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, user);
+  response.cookies.set("user", JSON.stringify(frontendUser), _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, (_c = config.cookies) == null ? void 0 : _c.user), {
+    maxAge
+  }));
+};
+var clearAuthCookies = (config) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
+  var _a;
+  const cookieStorage = new NextjsCookieStorage((_a = config.cookies) == null ? void 0 : _a.tokens);
+  _chunk7K3QN2ATjs.clearTokens.call(void 0, cookieStorage);
+  const clientStorage = new NextjsClientStorage();
+  const userSession = new (0, _chunk7K3QN2ATjs.GenericUserSession)(clientStorage);
+  userSession.set(null);
+});
+var NextjsCookieStorage = class extends _chunk6RFRDWIPjs.CookieStorage {
+  constructor(config = {}) {
+    super({
+      secure: true,
+      httpOnly: true
+    });
+    this.config = config;
+  }
+  get(key) {
+    var _a;
+    return ((_a = _headersjs.cookies.call(void 0, ).get(key)) == null ? void 0 : _a.value) || null;
+  }
+  set(key, value) {
+    var _a;
+    const cookieSettings = ((_a = this.config) == null ? void 0 : _a[key]) || _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, this.settings);
+    console.log(
+      "NextjsCookieStorage.set",
+      JSON.stringify(
+        { key, value, config: this.config, cookieSettings },
+        null,
+        2
+      )
+    );
+    _headersjs.cookies.call(void 0, ).set(key, value, cookieSettings);
+  }
+};
+var NextjsClientStorage = class extends _chunk6RFRDWIPjs.CookieStorage {
+  constructor(config = {}) {
+    super(_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
+      secure: false,
+      httpOnly: false
+    }));
+  }
+  get(key) {
+    var _a;
+    return ((_a = _headersjs.cookies.call(void 0, ).get(key)) == null ? void 0 : _a.value) || null;
+  }
+  set(key, value) {
+    _headersjs.cookies.call(void 0, ).set(key, value, this.settings);
+  }
+};
+
+// src/nextjs/utils.ts
+var resolveCallbackUrl = (config, baseUrl) => {
+  const callbackUrl = new URL(config == null ? void 0 : config.callbackUrl, baseUrl).toString();
+  return callbackUrl.toString();
+};
+
+
+
+
+
+
+
+
+
+
+
+
+exports.loggers = loggers; exports.defaultAuthConfig = defaultAuthConfig; exports.resolveAuthConfig = resolveAuthConfig; exports.createCivicAuthPlugin = createCivicAuthPlugin; exports.createTokenCookies = createTokenCookies; exports.createUserInfoCookie = createUserInfoCookie; exports.clearAuthCookies = clearAuthCookies; exports.NextjsCookieStorage = NextjsCookieStorage; exports.NextjsClientStorage = NextjsClientStorage; exports.resolveCallbackUrl = resolveCallbackUrl;
+//# sourceMappingURL=chunk-2TDB4XWE.js.map

package/dist/chunk-2TDB4XWE.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-2TDB4XWE.js","../src/lib/logger.ts","../src/nextjs/config.ts","../src/nextjs/cookies.ts","../src/nextjs/utils.ts"],"names":[],"mappings":"AAAA;AACE;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACfA,4EAAkB;AAElB,IAAM,aAAA,EAAe,aAAA;AASrB,IAAM,YAAA,EAAN,MAAoC;AAAA,EAMlC,WAAA,CAAY,SAAA,EAAmB;AAE7B,IAAA,IAAA,CAAK,YAAA,EAAc,6BAAA,CAAM,EAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAEA,IAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AACF;AAE6B;AAIN;AAAA;AAEb,EAAA;AACe,IAAA;AACI,IAAA;AACf,IAAA;AACW,MAAA;AACrB,IAAA;AACF,EAAA;AAAA;AAEO,EAAA;AACoB,IAAA;AACL,IAAA;AACE,IAAA;AACxB,EAAA;AAAA;AAEU,EAAA;AACiB,IAAA;AACH,IAAA;AACxB,EAAA;AACF;ADP8B;AACA;AErDA;AAuBlB;AACkB;AAEF;AAChB;AAI+D;AAC5D,EAAA;AACA,EAAA;AACC,EAAA;AACH,EAAA;AACD,EAAA;AACI,EAAA;AACJ,EAAA;AACD,EAAA;AACC,IAAA;AACN,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACA,QAAA;AACJ,QAAA;AACR,MAAA;AACF,IAAA;AACM,IAAA;AACI,MAAA;AACE,MAAA;AACA,MAAA;AACJ,MAAA;AACO,MAAA;AAAA;AACf,IAAA;AACF,EAAA;AACF;AAoBE;AA1GF,EAAA;AA6GwB,EAAA;AACE,IAAA;AACG,IAAA;AACA,IAAA;AACC,IAAA;AACJ,IAAA;AACC,IAAA;AACN,IAAA;AACA,IAAA;AACI,IAAA;AAGtB,EAAA;AACoB,EAAA;AAAA;AAIV,IAAA;AACC,MAAA;AAKF,MAAA;AAKR,IAAA;AACF,EAAA;AAEO,EAAA;AACL,IAAA;AACe,IAAA;AACjB,EAAA;AACa,EAAA;AACI,EAAA;AACC,IAAA;AAClB,EAAA;AACO,EAAA;AACT;AA0BE;AAEoC,EAAA;AAC3B,IAAA;AACL,MAAA;AACe,MAAA;AACjB,IAAA;AACuB,IAAA;AAChB,IAAA;AAEA,MAAA;AAAA;AAGH,QAAA;AACqB,QAAA;AACrB,QAAA;AACA,QAAA;AACA,QAAA;AACA,QAAA;AACsB,QAAA;AACA,QAAA;AACtB,QAAA;AACF,MAAA;AACF,IAAA;AACF,EAAA;AACF;AF/B8B;AACA;AGtKN;AAStB;AAbF,EAAA;AAiBiB,EAAA;AACO,EAAA;AAEpB,IAAA;AACF,EAAA;AAEgB,EAAA;AACO,IAAA;AAET,MAAA;AACX,IAAA;AACH,EAAA;AAEyB,EAAA;AACF,IAAA;AAET,MAAA;AACX,IAAA;AACH,EAAA;AAEgB,EAAA;AACO,IAAA;AAET,MAAA;AACX,IAAA;AACH,EAAA;AACF;AAME;AAjDF,EAAA;AAsDa,EAAA;AACY,IAAA;AAEX,MAAA;AACT,IAAA;AACD,IAAA;AACF,EAAA;AACe,EAAA;AAGM,EAAA;AAQA,EAAA;AAEnB,IAAA;AACD,EAAA;AACH;AAKgC;AAjFhC,EAAA;AAmF4B,EAAA;AACD,EAAA;AAGC,EAAA;AACF,EAAA;AACJ,EAAA;AACtB;AAGA;AACiE,EAAA;AACvD,IAAA;AACI,MAAA;AACE,MAAA;AACX,IAAA;AAJkB,IAAA;AAKrB,EAAA;AAEgC,EAAA;AArGlC,IAAA;AAsGqB,IAAA;AACnB,EAAA;AAEyC,EAAA;AAzG3C,IAAA;AA0G2B,IAAA;AAGf,IAAA;AACN,MAAA;AACK,MAAA;AACmB,QAAA;AACtB,QAAA;AACA,QAAA;AACF,MAAA;AACF,IAAA;AAC0B,IAAA;AAC5B,EAAA;AACF;AAEA;AAC2D,EAAA;AACjD,IAAA;AAEI,MAAA;AACE,MAAA;AACX,IAAA;AACH,EAAA;AAEgC,EAAA;AAlIlC,IAAA;AAmIqB,IAAA;AACnB,EAAA;AAEsC,EAAA;AACV,IAAA;AAC5B,EAAA;AACF;AHwH8B;AACA;AI/P5B;AAG4B,EAAA;AACA,EAAA;AAC9B;AJ+P8B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-2TDB4XWE.js","sourcesContent":[null,"import debug from \"debug\";\n\nconst PACKAGE_NAME = \"@civic/auth\";\n\nexport interface Logger {\n  debug(message: string, ...args: unknown[]): void;\n  info(message: string, ...args: unknown[]): void;\n  warn(message: string, ...args: unknown[]): void;\n  error(message: string, ...args: unknown[]): void;\n}\n\nclass DebugLogger implements Logger {\n  private debugLogger: debug.Debugger;\n  private infoLogger: debug.Debugger;\n  private warnLogger: debug.Debugger;\n  private errorLogger: debug.Debugger;\n\n  constructor(namespace: string) {\n    // Format: @org/package:library:component:level\n    this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);\n    this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);\n    this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);\n    this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);\n\n    this.debugLogger.color = \"4\";\n    this.infoLogger.color = \"2\";\n    this.warnLogger.color = \"3\";\n    this.errorLogger.color = \"1\";\n  }\n\n  debug(message: string, ...args: unknown[]): void {\n    this.debugLogger(message, ...args);\n  }\n\n  info(message: string, ...args: unknown[]): void {\n    this.infoLogger(message, ...args);\n  }\n\n  warn(message: string, ...args: unknown[]): void {\n    this.warnLogger(message, ...args);\n  }\n\n  error(message: string, ...args: unknown[]): void {\n    this.errorLogger(message, ...args);\n  }\n}\n\nexport const createLogger = (namespace: string): Logger =>\n  new DebugLogger(namespace);\n\n// Pre-configured loggers for different parts of your package\nexport const loggers = {\n  // Next.js specific loggers\n  nextjs: {\n    routes: createLogger(\"api:routes\"),\n    middleware: createLogger(\"api:middleware\"),\n    handlers: {\n      auth: createLogger(\"api:handlers:auth\"),\n    },\n  },\n  // React specific loggers\n  react: {\n    components: createLogger(\"react:components\"),\n    hooks: createLogger(\"react:hooks\"),\n    context: createLogger(\"react:context\"),\n  },\n  // Shared utilities loggers\n  services: {\n    validation: createLogger(\"utils:validation\"),\n    network: createLogger(\"utils:network\"),\n  },\n} as const;\n","/* eslint-disable turbo/no-undeclared-env-vars */\nimport { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger\";\nimport { withoutUndefined } from \"@/utils\";\nimport {\n  CodeVerifier,\n  CookieConfig,\n  OAuthTokens,\n  TokensCookieConfig,\n} from \"@/shared/types\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type CookiesConfigObject = {\n  tokens: TokensCookieConfig;\n  user: CookieConfig;\n};\n\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string;\n  loginUrl: string;\n  logoutUrl: string;\n  challengeUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: CookiesConfigObject;\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\nconsole.log(`process.env.NODE_ENV: ${process.env.NODE_ENV}`);\nconst isDevelopment = process.env.NODE_ENV === \"development\";\n\nconst defaultServerSecure = isDevelopment ? false : true;\nconsole.log(`defaultServerSecure: ${defaultServerSecure}`);\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: DEFAULT_AUTH_SERVER,\n  callbackUrl: \"/api/auth/callback\",\n  challengeUrl: \"/api/auth/challenge\",\n  logoutUrl: \"/api/auth/logout\",\n  loginUrl: \"/\",\n  include: [\"/*\"],\n  exclude: [],\n  cookies: {\n    tokens: {\n      [OAuthTokens.ID_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.ACCESS_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.REFRESH_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [CodeVerifier.COOKIE_NAME]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n    },\n    user: {\n      secure: defaultServerSecure,\n      httpOnly: false,\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n  },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: AuthConfig = {},\n): AuthConfigWithDefaults => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n  }) as AuthConfig;\n  const mergedConfig = {\n    ...defaultAuthConfig,\n    ...configFromEnv, // Apply plugin-set config\n    ...config, // Override with directly passed config\n    cookies: {\n      tokens: {\n        ...defaultAuthConfig.cookies.tokens,\n        ...(configFromEnv?.cookies?.tokens || {}),\n        ...(config.cookies?.tokens || {}),\n      },\n      user: {\n        ...defaultAuthConfig.cookies.user,\n        ...(configFromEnv?.cookies?.user || {}),\n        ...(config.cookies?.user || {}),\n      },\n    },\n  };\n\n  logger.debug(\n    \"Config from environment:\",\n    JSON.stringify(configFromEnv, null, 2),\n  );\n  logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n  authConfig: AuthConfig & Pick<Required<AuthConfig>, \"clientId\">,\n) => {\n  return (nextConfig?: NextConfig) => {\n    logger.debug(\n      \"createCivicAuthPlugin nextConfig\",\n      JSON.stringify(nextConfig, null, 2),\n    );\n    const resolvedConfig = resolveAuthConfig({ ...authConfig });\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: resolvedConfig.clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n      },\n    };\n  };\n};\n","import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"@/nextjs/config\";\nimport { CookieStorage, CookieStorageSettings } from \"@/server\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { clearTokens } from \"@/shared/util\";\nimport { CodeVerifier, OAuthTokens, TokensCookieConfig } from \"@/shared/types\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n  response: NextResponse,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  const maxAge = sessionData.expiresIn ?? 3600;\n  const cookieOptions = {\n    ...config.cookies?.tokens,\n    maxAge,\n  };\n\n  if (sessionData.accessToken) {\n    response.cookies.set(\"access_token\", sessionData.accessToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.idToken) {\n    response.cookies.set(\"id_token\", sessionData.idToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.refreshToken) {\n    response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n  response: NextResponse,\n  user: User<UnknownObject> | null,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  if (!user) {\n    response.cookies.set(\"user\", \"\", {\n      ...config.cookies?.user,\n      maxAge: 0,\n    });\n    return;\n  }\n  const maxAge = sessionData.expiresIn ?? 3600;\n\n  // TODO select fields to include in the user cookie\n  const frontendUser = {\n    ...user,\n  };\n\n  // TODO make call to get user info from the\n  // auth server /userinfo endpoint when it's available\n  // then add to the default claims above\n\n  response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n    ...config.cookies?.user,\n    maxAge,\n  });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async (config: AuthConfig) => {\n  // clear session, and tokens\n  const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens);\n  clearTokens(cookieStorage);\n\n  // clear user\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  userSession.set(null);\n};\n\ntype KeySetter = OAuthTokens | CodeVerifier;\nclass NextjsCookieStorage extends CookieStorage {\n  constructor(readonly config: Partial<TokensCookieConfig> = {}) {\n    super({\n      secure: true,\n      httpOnly: true,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: KeySetter, value: string): void {\n    const cookieSettings = this.config?.[key as KeySetter] || {\n      ...this.settings,\n    };\n    console.log(\n      \"NextjsCookieStorage.set\",\n      JSON.stringify(\n        { key, value, config: this.config, cookieSettings },\n        null,\n        2,\n      ),\n    );\n    cookies().set(key, value, cookieSettings);\n  }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n  constructor(config: Partial<CookieStorageSettings> = {}) {\n    super({\n      ...config,\n      secure: false,\n      httpOnly: false,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: string, value: string): void {\n    cookies().set(key, value, this.settings);\n  }\n}\n\nexport {\n  createTokenCookies,\n  createUserInfoCookie,\n  clearAuthCookies,\n  NextjsCookieStorage,\n  NextjsClientStorage,\n};\n","import { AuthConfigWithDefaults } from \"@/nextjs/config\";\n\nexport const resolveCallbackUrl = (\n  config: AuthConfigWithDefaults,\n  baseUrl?: string,\n): string => {\n  const callbackUrl = new URL(config?.callbackUrl, baseUrl).toString();\n  return callbackUrl.toString();\n};\n"]}