@civic/auth 0.0.1-beta.29 → 0.0.1-beta.3

package/dist/chunk-VXIWRZWU.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-VXIWRZWU.js","../src/utils.ts","../src/shared/types.ts","../src/shared/util.ts","../src/lib/oauth.ts","../src/constants.ts"],"names":["NextjsServerCookies"],"mappings":"AAAA;AACE;AACA;AACF,sDAA4B;AAC5B;AACA;ACLA,4BAAsC;AACtC,+CAAwB;AAUxB,IAAM,eAAA,EAAiB,CAAA,EAAA,GAAe;AAEpC,EAAA,MAAM,MAAA,EAAQ,MAAA,CAAO,IAAA,CAAK,EAAA,EAAI,EAAA,EAAI,kBAAkB,CAAA;AAGpD,EAAA,GAAA,CAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AAEF,IAAA,GAAA,CAAI,OAAO,KAAA,CAAM,OAAA,IAAW,WAAA,EAAa;AACvC,MAAA,MAAM,IAAI,KAAA,CAAM,kBAAkB,CAAA;AAAA,IACpC;AAAA,EACF,EAAA,MAAA,CAAQ,CAAA,EAAA;AAEN,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,KAAA,CAAM,KAAA,CAAM,CAAA;AACZ,EAAA,OAAO,KAAA;AACT,CAAA;AAEA,IAAM,GAAA,EAAK,CAAA,GAAI,MAAA,EAAA,GAAyB;AACtC,EAAA,OAAO,oCAAA,wBAAQ,MAAW,CAAC,CAAA;AAC7B,CAAA;AAUO,IAAM,iBAAA,EAAmB,CAC9B,GAAA,EAAA,GACwB;AACxB,EAAA,MAAM,OAAA,EAAS,CAAC,CAAA;AAEhB,EAAA,IAAA,CAAA,MAAW,IAAA,GAAO,GAAA,EAAK;AACrB,IAAA,GAAA,CAAI,GAAA,CAAI,GAAG,EAAA,IAAM,KAAA,CAAA,EAAW;AAI1B,MAAC,MAAA,CAAe,GAAG,EAAA,EAAI,GAAA,CAAI,GAAG,CAAA;AAAA,IAChC;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT,CAAA;AD3BA;AACA;AEpCO,IAAK,oBAAA,kBAAL,CAAA,CAAKA,oBAAAA,EAAAA,GAAL;AACL,EAAAA,oBAAAA,CAAA,UAAA,EAAA,EAAW,UAAA;AACX,EAAAA,oBAAAA,CAAA,cAAA,EAAA,EAAe,cAAA;AACf,EAAAA,oBAAAA,CAAA,eAAA,EAAA,EAAgB,eAAA;AAHN,EAAA,OAAAA,oBAAAA;AAAA,CAAA,CAAA,CAAA,oBAAA,GAAA,CAAA,CAAA,CAAA;AF2CZ;AACA;AGlCA,qCAA6B;AHoC7B;AACA;AI9CA,4BAA2B;AAE3B,IAAM,oBAAA,EAAsB,CAAC,MAAA,EAAA,GAA6B;AACxD,EAAA,MAAM,mBAAA,EAAqB,MAAA,CAAO,QAAA,CAAS,GAAG,EAAA,EAC1C,MAAA,CAAO,KAAA,CAAM,CAAA,EAAG,MAAA,CAAO,OAAA,EAAS,CAAC,EAAA,EACjC,MAAA;AAEJ,EAAA,MAAM,gBAAA,EAAkB,CAAA,EAAA;AAEhB,EAAA;AACV;AAE0B;AAGO;AACzB,EAAA;AACgB,IAAA;AACtB,EAAA;AAEG,EAAA;AACI,EAAA;AACc,IAAA;AACA,IAAA;AACC,IAAA;AACG,IAAA;AACzB,EAAA;AACF;AAOuB;AACG,EAAA;AACX,IAAA;AACX,IAAA;AACD,EAAA;AAEqB,EAAA;AACxB;AAQ6B;AAIvB,EAAA;AACiB,IAAA;AAED,IAAA;AACR,EAAA;AACI,IAAA;AACP,IAAA;AACT,EAAA;AACF;AJqB2B;AACA;AGxEL;AAQA;AAGH,EAAA;AACF,IAAA;AACA,MAAA;AACN,MAAA;AACT,IAAA;AAEoB,IAAA;AACC,IAAA;AACA,IAAA;AACF,IAAA;AAIrB,EAAA;AAAA;AAEsB;AAGpB,EAAA;AACkB,IAAA;AACX,IAAA;AAIT,EAAA;AAAA;AAEsB;AASL,EAAA;AACG,IAAA;AACT,MAAA;AACA,MAAA;AACT,IAAA;AACqB,IAAA;AACZ,MAAA;AACA,MAAA;AACP,MAAA;AACF,IAAA;AACkB,IAAA;AACK,IAAA;AACP,MAAA;AACC,MAAA;AAChB,IAAA;AAGqB,IAAA;AACA,IAAA;AACf,IAAA;AACT,EAAA;AAAA;AAEsB;AAOL,EAAA;AAEG,IAAA;AACH,IAAA;AACjB,EAAA;AAAA;AAGE;AAIW,EAAA;AACT,IAAA;AACU,IAAA;AACA,IAAA;AAAA;AAEK,IAAA;AACjB,EAAA;AACF;AAGE;AAMA,EAAA;AACqB,IAAA;AACF,IAAA;AAGX,IAAA;AACJ,MAAA;AACD,IAAA;AAGC,IAAA;AACI,MAAA;AACQ,IAAA;AACA,MAAA;AACJ,MAAA;AACR,QAAA;AACF,MAAA;AACF,IAAA;AAEO,IAAA;AACT,EAAA;AAAA;AAGE;AAIQ,EAAA;AACA,EAAA;AACG,EAAA;AACD,IAAA;AACZ;AAE4B;AACZ,EAAA;AACU,IAAA;AACvB,EAAA;AACH;AAGE;AAEwB,EAAA;AACJ,EAAA;AACC,EAAA;AAEJ,EAAA;AAEV,EAAA;AACK,IAAA;AACI,IAAA;AACC,IAAA;AACjB,EAAA;AACF;AAEsB;AAKG,EAAA;AACL,IAAA;AAGZ,IAAA;AACG,MAAA;AACP,MAAA;AACA,MAAA;AACU,QAAA;AACE,QAAA;AACZ,MAAA;AACF,IAAA;AAGM,IAAA;AACG,MAAA;AACP,MAAA;AACA,MAAA;AACU,QAAA;AACV,MAAA;AACF,IAAA;AAEO,IAAA;AACK,MAAA;AACI,MAAA;AACC,MAAA;AAChB,IAAA;AACH,EAAA;AAAA;AHI2B;AACA;AK9MJ;AACrB,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACA,EAAA;AACF;AACkB;AAEE;AL+MO;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-VXIWRZWU.js","sourcesContent":[null,"import { clsx, type ClassValue } from \"clsx\";\nimport { twMerge } from \"tailwind-merge\";\n\n/**\n * Checks if a popup window is blocked by the browser.\n *\n * This function attempts to open a small popup window and then checks if it was successfully created.\n * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.\n *\n * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.\n */\nconst isPopupBlocked = (): boolean => {\n  // First we try to open a small popup window. It either returns a window object or null.\n  const popup = window.open(\"\", \"\", \"width=1,height=1\");\n\n  // If window.open() returns null, popup is definitely blocked\n  if (!popup) {\n    return true;\n  }\n\n  try {\n    // Try to access a property of the popup to check if it's usable\n    if (typeof popup.closed === \"undefined\") {\n      throw new Error(\"Popup is blocked\");\n    }\n  } catch {\n    // Accessing the popup's properties throws an error if the popup is blocked\n    return true;\n  }\n\n  // Close the popup immediately if it was opened\n  popup.close();\n  return false;\n};\n\nconst cn = (...inputs: ClassValue[]) => {\n  return twMerge(clsx(inputs));\n};\n\n// This type narrows T as far as it can by:\n// - removing all keys where the value is `undefined`\n// - making keys that are not undefined required\n// So, for example: given { a: string | undefined, b: string | undefined },\n// if you pass in { a: \"foo\" }, it returns an object of type: { a: string }\ntype WithoutUndefined<T> = {\n  [K in keyof T as undefined extends T[K] ? never : K]: T[K];\n};\nexport const withoutUndefined = <T extends { [K in keyof T]: unknown }>(\n  obj: T,\n): WithoutUndefined<T> => {\n  const result = {} as WithoutUndefined<T>;\n\n  for (const key in obj) {\n    if (obj[key] !== undefined) {\n      // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>\n      // We use type assertion here\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      (result as any)[key] = obj[key];\n    }\n  }\n\n  return result;\n};\n\nexport { cn, isPopupBlocked };\n","export enum NextjsServerCookies {\n  ID_TOKEN = \"id_token\",\n  ACCESS_TOKEN = \"access_token\",\n  REFRESH_TOKEN = \"refresh_token\",\n}\n\nexport enum NextjsClientCookies {\n  USER = \"user\",\n}\n","// Utility functions shared by auth server and client integrations\n// Typically these functions should be used inside AuthenticationInitiator and AuthenticationResolver implementations\n\nimport {\n  Endpoints,\n  JWTPayload,\n  OIDCTokenResponseBody,\n  ParsedTokens,\n} from \"@/types.js\";\nimport { NextjsServerCookies } from \"./types\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { getIssuerVariations, getOauthEndpoints } from \"@/lib/oauth.js\";\nimport * as jose from \"jose\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport { AuthStorage } from \"@/shared/storage.js\";\nimport { PKCEConsumer, PKCEProducer } from \"@/services/types.js\";\n\n/**\n * Given a PKCE code verifier, derive the code challenge using SHA\n */\nexport async function deriveCodeChallenge(\n  codeVerifier: string,\n  method: \"Plain\" | \"S256\" = \"S256\",\n): Promise<string> {\n  if (method === \"Plain\") {\n    console.warn(\"Using insecure plain code challenge method\");\n    return codeVerifier;\n  }\n\n  const encoder = new TextEncoder();\n  const data = encoder.encode(codeVerifier);\n  const digest = await crypto.subtle.digest(\"SHA-256\", data);\n  return btoa(String.fromCharCode(...new Uint8Array(digest)))\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=+$/, \"\");\n}\n\nexport async function getEndpointsWithOverrides(\n  oauthServer: string,\n  endpointOverrides: Partial<Endpoints> = {},\n) {\n  const endpoints = await getOauthEndpoints(oauthServer);\n  return {\n    ...endpoints,\n    ...endpointOverrides,\n  };\n}\n\nexport async function generateOauthLoginUrl(config: {\n  clientId: string;\n  scopes: string[];\n  state: string;\n  redirectUrl: string;\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n  const endpoints = await getEndpointsWithOverrides(\n    config.oauthServer,\n    config.endpointOverrides,\n  );\n  const oauth2Client = buildOauth2Client(\n    config.clientId,\n    config.redirectUrl,\n    endpoints,\n  );\n  const challenge = await config.pkceConsumer.getCodeChallenge();\n  const oAuthUrl = await oauth2Client.createAuthorizationURL({\n    state: config.state,\n    scopes: config.scopes,\n  });\n  // The OAuth2 client supports PKCE, but does not allow passing in a code challenge from some other source\n  // It only allows passing in a code verifier which it then hashes itself.\n  oAuthUrl.searchParams.append(\"code_challenge\", challenge);\n  oAuthUrl.searchParams.append(\"code_challenge_method\", \"S256\");\n  return oAuthUrl;\n}\n\nexport async function generateOauthLogoutUrl(config: {\n  clientId: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  // used to get the PKCE challenge\n  pkceConsumer: PKCEConsumer;\n}): Promise<URL> {\n  // TODO\n  console.log(config);\n  return new URL(\"http://localhost\");\n}\n\nexport function buildOauth2Client(\n  clientId: string,\n  redirectUri: string,\n  endpoints: Endpoints,\n): OAuth2Client {\n  return new OAuth2Client(\n    clientId,\n    endpoints.auth,\n    endpoints.token,\n    // this\n    { redirectURI: redirectUri },\n  );\n}\n\nexport async function exchangeTokens(\n  code: string,\n  state: string,\n  pkceProducer: PKCEProducer,\n  oauth2Client: OAuth2Client,\n  oauthServer: string,\n  endpoints: Endpoints,\n) {\n  const codeVerifier = await pkceProducer.getCodeVerifier();\n  if (!codeVerifier) throw new Error(\"Code verifier not found in state\");\n\n  const tokens =\n    await oauth2Client.validateAuthorizationCode<OIDCTokenResponseBody>(code, {\n      codeVerifier,\n    });\n\n  // Validate relevant tokens\n  try {\n    await validateOauth2Tokens(tokens, endpoints, oauth2Client, oauthServer);\n  } catch (error) {\n    console.error(\"tokenExchange error\", { error, tokens });\n    throw new Error(\n      `OIDC tokens validation failed: ${(error as Error).message}`,\n    );\n  }\n\n  return tokens;\n}\n\nexport function storeTokens(\n  storage: AuthStorage,\n  tokens: OIDCTokenResponseBody,\n) {\n  // store tokens in storage ( TODO we should probably store them against the state to allow multiple logins )\n  storage.set(NextjsServerCookies.ID_TOKEN, tokens.id_token);\n  storage.set(NextjsServerCookies.ACCESS_TOKEN, tokens.access_token);\n  if (tokens.refresh_token)\n    storage.set(NextjsServerCookies.REFRESH_TOKEN, tokens.refresh_token);\n}\n\nexport function clearTokens(storage: AuthStorage) {\n  Object.values(NextjsServerCookies).forEach((cookie) => {\n    storage.set(cookie, \"\");\n  });\n}\n\nexport function retrieveTokens(\n  storage: AuthStorage,\n): OIDCTokenResponseBody | null {\n  const idToken = storage.get(NextjsServerCookies.ID_TOKEN);\n  const accessToken = storage.get(NextjsServerCookies.ACCESS_TOKEN);\n  const refreshToken = storage.get(NextjsServerCookies.REFRESH_TOKEN);\n\n  if (!idToken || !accessToken) return null;\n\n  return {\n    id_token: idToken,\n    access_token: accessToken,\n    refresh_token: refreshToken ?? undefined,\n  };\n}\n\nexport async function validateOauth2Tokens(\n  tokens: OIDCTokenResponseBody,\n  endpoints: Endpoints,\n  oauth2Client: OAuth2Client,\n  oauthServer: string,\n): Promise<ParsedTokens> {\n  const JWKS = jose.createRemoteJWKSet(new URL(endpoints.jwks));\n\n  // validate the ID token\n  const idTokenResponse = await jose.jwtVerify<JWTPayload>(\n    tokens.id_token,\n    JWKS,\n    {\n      issuer: getIssuerVariations(oauthServer),\n      audience: oauth2Client.clientId,\n    },\n  );\n\n  // validate the access token\n  const accessTokenResponse = await jose.jwtVerify<JWTPayload>(\n    tokens.access_token,\n    JWKS,\n    {\n      issuer: getIssuerVariations(oauthServer),\n    },\n  );\n\n  return withoutUndefined({\n    id_token: idTokenResponse.payload,\n    access_token: accessTokenResponse.payload,\n    refresh_token: tokens.refresh_token,\n  });\n}\n","import { DisplayMode, Endpoints, OpenIdConfiguration } from \"@/types\";\nimport { v4 as uuid } from \"uuid\";\n\nconst getIssuerVariations = (issuer: string): string[] => {\n  const issuerWithoutSlash = issuer.endsWith(\"/\")\n    ? issuer.slice(0, issuer.length - 1)\n    : issuer;\n\n  const issuerWithSlash = `${issuerWithoutSlash}/`;\n\n  return [issuerWithoutSlash, issuerWithSlash];\n};\n\nconst addSlashIfNeeded = (url: string): string =>\n  url.endsWith(\"/\") ? url : `${url}/`;\n\nconst getOauthEndpoints = async (oauthServer: string): Promise<Endpoints> => {\n  const openIdConfigResponse = await fetch(\n    `${addSlashIfNeeded(oauthServer)}.well-known/openid-configuration`,\n  );\n  const openIdConfig =\n    (await openIdConfigResponse.json()) as OpenIdConfiguration;\n  return {\n    jwks: openIdConfig.jwks_uri,\n    auth: openIdConfig.authorization_endpoint,\n    token: openIdConfig.token_endpoint,\n    userinfo: openIdConfig.userinfo_endpoint,\n  };\n};\n\n/**\n * creates a state string for the OAuth2 flow, encoding the display mode too for future use\n * @param {DisplayMode} displayMode\n * @returns {string}\n */\nconst generateState = (displayMode: DisplayMode): string => {\n  const jsonString = JSON.stringify({\n    uuid: uuid(),\n    displayMode,\n  });\n\n  return btoa(jsonString);\n};\n\n/**\n * parses the state string from the OAuth2 flow, decoding the display mode too\n * @param state\n * @param sessionDisplayMode\n * @returns { uuid: string, displayMode: DisplayMode }\n */\nconst displayModeFromState = (\n  state: string,\n  sessionDisplayMode: DisplayMode | undefined,\n): DisplayMode | undefined => {\n  try {\n    const jsonString = btoa(state);\n\n    return JSON.parse(jsonString).displayMode;\n  } catch (e) {\n    console.error(\"Failed to parse displayMode from state:\", state);\n    return sessionDisplayMode;\n  }\n};\n\nexport {\n  getIssuerVariations,\n  getOauthEndpoints,\n  displayModeFromState,\n  generateState,\n};\n","const DEFAULT_SCOPES = [\n  \"openid\",\n  \"profile\",\n  \"email\",\n  \"forwardedTokens\",\n  \"offline_access\",\n];\nconst IFRAME_ID = \"civic-auth-iframe\";\n\nconst AUTH_SERVER = \"https://auth-dev.civic.com/oauth\";\n\nexport { DEFAULT_SCOPES, IFRAME_ID, AUTH_SERVER };\n"]}

package/dist/{chunk-JDZPCA3P.js → chunk-WPISYQG3.js}

@@ -1,10 +1,6 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 
 
-var _chunk7K3QN2ATjs = require('./chunk-7K3QN2AT.js');
-
-
-
 var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
 
 // src/lib/logger.ts
@@ -59,11 +55,8 @@ var loggers = {
 
 // src/nextjs/config.ts
 var logger = loggers.nextjs.handlers.auth;
-var _a;
-var appUrl = typeof process !== "undefined" ? ((_a = process == null ? void 0 : process.env) == null ? void 0 : _a.NEXT_PUBLIC_APP_URL) || "" : "";
-var defaultServerSecure = !appUrl.startsWith("http://localhost");
 var defaultAuthConfig = {
-  oauthServer: _chunk7K3QN2ATjs.DEFAULT_AUTH_SERVER,
+  oauthServer: "https://auth-dev.civic.com/oauth",
   callbackUrl: "/api/auth/callback",
   challengeUrl: "/api/auth/challenge",
   logoutUrl: "/api/auth/logout",
@@ -72,34 +65,12 @@ var defaultAuthConfig = {
   exclude: [],
   cookies: {
     tokens: {
-      ["id_token" /* ID_TOKEN */]: {
-        secure: defaultServerSecure,
-        httpOnly: true,
-        sameSite: "strict",
-        path: "/"
-      },
-      ["access_token" /* ACCESS_TOKEN */]: {
-        secure: defaultServerSecure,
-        httpOnly: true,
-        sameSite: "strict",
-        path: "/"
-      },
-      ["refresh_token" /* REFRESH_TOKEN */]: {
-        secure: defaultServerSecure,
-        httpOnly: true,
-        sameSite: "strict",
-        path: "/"
-      },
-      ["code_verifier" /* COOKIE_NAME */]: {
-        secure: defaultServerSecure,
-        httpOnly: true,
-        sameSite: "strict",
-        path: "/"
-      }
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
     },
     user: {
-      secure: defaultServerSecure,
-      httpOnly: false,
       sameSite: "strict",
       path: "/",
       maxAge: 60 * 60
@@ -107,10 +78,18 @@ var defaultAuthConfig = {
     }
   }
 };
+var withoutUndefined = (obj) => {
+  const result = {};
+  for (const key in obj) {
+    if (obj[key] !== void 0) {
+      result[key] = obj[key];
+    }
+  }
+  return result;
+};
 var resolveAuthConfig = (config = {}) => {
-  var _a2, _b, _c, _d, _e, _f;
-  logger.debug("resolveAuthConfig inputs", JSON.stringify(config, null, 2));
-  const configFromEnv = _chunk7K3QN2ATjs.withoutUndefined.call(void 0, {
+  var _a, _b, _c, _d;
+  const configFromEnv = withoutUndefined({
     clientId: process.env._civic_auth_client_id,
     oauthServer: process.env._civic_oauth_server,
     callbackUrl: process.env._civic_auth_callback_url,
@@ -118,22 +97,19 @@ var resolveAuthConfig = (config = {}) => {
     loginUrl: process.env._civic_auth_login_url,
     appUrl: process.env._civic_auth_app_url,
     logoutUrl: process.env._civic_auth_logout_url,
-    include: (_a2 = process.env._civic_auth_includes) == null ? void 0 : _a2.split(","),
+    include: (_a = process.env._civic_auth_includes) == null ? void 0 : _a.split(","),
     exclude: (_b = process.env._civic_auth_excludes) == null ? void 0 : _b.split(","),
     cookies: process.env._civic_auth_cookie_config ? JSON.parse(process.env._civic_auth_cookie_config) : void 0
   });
   const mergedConfig = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig), configFromEnv), config), {
     // Override with directly passed config
     cookies: {
-      tokens: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.tokens), ((_c = configFromEnv == null ? void 0 : configFromEnv.cookies) == null ? void 0 : _c.tokens) || {}), ((_d = config.cookies) == null ? void 0 : _d.tokens) || {}),
-      user: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.user), ((_e = configFromEnv == null ? void 0 : configFromEnv.cookies) == null ? void 0 : _e.user) || {}), ((_f = config.cookies) == null ? void 0 : _f.user) || {})
+      tokens: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.tokens), ((_c = config.cookies) == null ? void 0 : _c.tokens) || {}),
+      user: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.user), ((_d = config.cookies) == null ? void 0 : _d.user) || {})
     }
   });
-  logger.debug(
-    "Config from environment:",
-    JSON.stringify(configFromEnv, null, 2)
-  );
-  logger.debug("Resolved config:", JSON.stringify(mergedConfig, null, 2));
+  logger.debug("Config from environment:", configFromEnv);
+  logger.debug("Resolved config:", mergedConfig);
   if (mergedConfig.clientId === void 0) {
     throw new Error("Civic Auth client ID is required");
   }
@@ -141,10 +117,6 @@ var resolveAuthConfig = (config = {}) => {
 };
 var createCivicAuthPlugin = (clientId, authConfig = {}) => {
   return (nextConfig) => {
-    logger.debug(
-      "createCivicAuthPlugin nextConfig",
-      JSON.stringify(nextConfig, null, 2)
-    );
     const resolvedConfig = resolveAuthConfig(_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, authConfig), { clientId }));
     return _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, nextConfig), {
       env: _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, nextConfig == null ? void 0 : nextConfig.env), {
@@ -164,10 +136,19 @@ var createCivicAuthPlugin = (clientId, authConfig = {}) => {
   };
 };
 
+// src/nextjs/utils.ts
+var resolveCallbackUrl = (config, alternativeUrl) => {
+  var _a;
+  const baseUrl = (_a = config.appUrl) != null ? _a : alternativeUrl;
+  const callbackUrl = new URL(config == null ? void 0 : config.callbackUrl, baseUrl).toString();
+  return callbackUrl.toString();
+};
+
+
 
 
 
 
 
-exports.loggers = loggers; exports.defaultAuthConfig = defaultAuthConfig; exports.resolveAuthConfig = resolveAuthConfig; exports.createCivicAuthPlugin = createCivicAuthPlugin;
-//# sourceMappingURL=chunk-JDZPCA3P.js.map
+exports.loggers = loggers; exports.defaultAuthConfig = defaultAuthConfig; exports.resolveAuthConfig = resolveAuthConfig; exports.createCivicAuthPlugin = createCivicAuthPlugin; exports.resolveCallbackUrl = resolveCallbackUrl;
+//# sourceMappingURL=chunk-WPISYQG3.js.map

package/dist/chunk-WPISYQG3.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-WPISYQG3.js","../src/lib/logger.ts","../src/nextjs/config.ts","../src/nextjs/utils.ts"],"names":[],"mappings":"AAAA;AACE;AACA;AACF,sDAA4B;AAC5B;AACA;ACLA,4EAAkB;AAElB,IAAM,aAAA,EAAe,aAAA;AASrB,IAAM,YAAA,EAAN,MAAoC;AAAA,EAMlC,WAAA,CAAY,SAAA,EAAmB;AAE7B,IAAA,IAAA,CAAK,YAAA,EAAc,6BAAA,CAAM,EAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAEA,IAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AACF;AAE6B;AAIN;AAAA;AAEb,EAAA;AACe,IAAA;AACI,IAAA;AACf,IAAA;AACW,MAAA;AACrB,IAAA;AACF,EAAA;AAAA;AAEO,EAAA;AACoB,IAAA;AACL,IAAA;AACE,IAAA;AACxB,EAAA;AAAA;AAEU,EAAA;AACiB,IAAA;AACH,IAAA;AACxB,EAAA;AACF;ADjB8B;AACA;AElDA;AAiC6C;AAC5D,EAAA;AACA,EAAA;AACC,EAAA;AACH,EAAA;AACD,EAAA;AACI,EAAA;AACJ,EAAA;AACD,EAAA;AACC,IAAA;AACI,MAAA;AACJ,MAAA;AACO,MAAA;AAAA;AACf,IAAA;AACM,IAAA;AACM,MAAA;AACJ,MAAA;AACO,MAAA;AAAA;AACf,IAAA;AACF,EAAA;AACF;AAGE;AAE4B,EAAA;AACL,EAAA;AACO,IAAA;AACL,MAAA;AACvB,IAAA;AACF,EAAA;AACO,EAAA;AACT;AAoBE;AA1FF,EAAA;AA6FwB,EAAA;AACE,IAAA;AACG,IAAA;AACA,IAAA;AACC,IAAA;AACJ,IAAA;AACF,IAAA;AACG,IAAA;AACN,IAAA;AACA,IAAA;AACI,IAAA;AAGtB,EAAA;AAEoB,EAAA;AAAA;AAIV,IAAA;AACC,MAAA;AAIF,MAAA;AAIR,IAAA;AACF,EAAA;AAEa,EAAA;AACA,EAAA;AACI,EAAA;AACC,IAAA;AAClB,EAAA;AACO,EAAA;AACT;AA0BE;AAGoC,EAAA;AACX,IAAA;AAChB,IAAA;AAEA,MAAA;AAAA;AAGH,QAAA;AACqB,QAAA;AACrB,QAAA;AACA,QAAA;AACA,QAAA;AACA,QAAA;AACqB,QAAA;AACC,QAAA;AACA,QAAA;AACtB,QAAA;AACF,MAAA;AACF,IAAA;AACF,EAAA;AACF;AF1C8B;AACA;AGvI5B;AAHF,EAAA;AAMkB,EAAA;AACY,EAAA;AACA,EAAA;AAC9B;AHwI8B;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-WPISYQG3.js","sourcesContent":[null,"import debug from \"debug\";\n\nconst PACKAGE_NAME = \"@civic/auth\";\n\nexport interface Logger {\n  debug(message: string, ...args: unknown[]): void;\n  info(message: string, ...args: unknown[]): void;\n  warn(message: string, ...args: unknown[]): void;\n  error(message: string, ...args: unknown[]): void;\n}\n\nclass DebugLogger implements Logger {\n  private debugLogger: debug.Debugger;\n  private infoLogger: debug.Debugger;\n  private warnLogger: debug.Debugger;\n  private errorLogger: debug.Debugger;\n\n  constructor(namespace: string) {\n    // Format: @org/package:library:component:level\n    this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);\n    this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);\n    this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);\n    this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);\n\n    this.debugLogger.color = \"4\";\n    this.infoLogger.color = \"2\";\n    this.warnLogger.color = \"3\";\n    this.errorLogger.color = \"1\";\n  }\n\n  debug(message: string, ...args: unknown[]): void {\n    this.debugLogger(message, ...args);\n  }\n\n  info(message: string, ...args: unknown[]): void {\n    this.infoLogger(message, ...args);\n  }\n\n  warn(message: string, ...args: unknown[]): void {\n    this.warnLogger(message, ...args);\n  }\n\n  error(message: string, ...args: unknown[]): void {\n    this.errorLogger(message, ...args);\n  }\n}\n\nexport const createLogger = (namespace: string): Logger =>\n  new DebugLogger(namespace);\n\n// Pre-configured loggers for different parts of your package\nexport const loggers = {\n  // Next.js specific loggers\n  nextjs: {\n    routes: createLogger(\"api:routes\"),\n    middleware: createLogger(\"api:middleware\"),\n    handlers: {\n      auth: createLogger(\"api:handlers:auth\"),\n    },\n  },\n  // React specific loggers\n  react: {\n    components: createLogger(\"react:components\"),\n    hooks: createLogger(\"react:hooks\"),\n    context: createLogger(\"react:context\"),\n  },\n  // Shared utilities loggers\n  services: {\n    validation: createLogger(\"utils:validation\"),\n    network: createLogger(\"utils:network\"),\n  },\n} as const;\n","/* eslint-disable turbo/no-undeclared-env-vars */\n\"use server\";\nimport { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport interface CookieConfig {\n  secure?: boolean;\n  sameSite?: \"strict\" | \"lax\" | \"none\";\n  domain?: string;\n  path?: string;\n  maxAge?: number;\n}\n\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string;\n  loginUrl: string;\n  logoutUrl: string;\n  appUrl?: string;\n  challengeUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: {\n    tokens: CookieConfig;\n    user: CookieConfig;\n  };\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: \"https://auth-dev.civic.com/oauth\",\n  callbackUrl: \"/api/auth/callback\",\n  challengeUrl: \"/api/auth/challenge\",\n  logoutUrl: \"/api/auth/logout\",\n  loginUrl: \"/\",\n  include: [\"/*\"],\n  exclude: [],\n  cookies: {\n    tokens: {\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n    user: {\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n  },\n};\n\nconst withoutUndefined = <T extends { [k: string]: unknown }>(\n  obj: T,\n): Partial<T> => {\n  const result: Partial<T> = {};\n  for (const key in obj) {\n    if (obj[key] !== undefined) {\n      result[key] = obj[key];\n    }\n  }\n  return result;\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: AuthConfig = {},\n): AuthConfigWithDefaults & { clientId: string } => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    appUrl: process.env._civic_auth_app_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n  });\n\n  const mergedConfig = {\n    ...defaultAuthConfig,\n    ...configFromEnv, // Apply plugin-set config\n    ...config, // Override with directly passed config\n    cookies: {\n      tokens: {\n        ...defaultAuthConfig.cookies.tokens,\n        ...(config.cookies?.tokens || {}),\n      },\n      user: {\n        ...defaultAuthConfig.cookies.user,\n        ...(config.cookies?.user || {}),\n      },\n    },\n  };\n\n  logger.debug(\"Config from environment:\", configFromEnv);\n  logger.debug(\"Resolved config:\", mergedConfig);\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export tefault createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n  clientId: string,\n  authConfig: AuthConfig = {},\n) => {\n  return (nextConfig?: NextConfig) => {\n    const resolvedConfig = resolveAuthConfig({ ...authConfig, clientId });\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_app_url: resolvedConfig.appUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n      },\n    };\n  };\n};\n","import { AuthConfigWithDefaults } from \"@/nextjs/config\";\n\nexport const resolveCallbackUrl = (\n  config: AuthConfigWithDefaults,\n  alternativeUrl?: string,\n): string => {\n  const baseUrl = config.appUrl ?? alternativeUrl;\n  const callbackUrl = new URL(config?.callbackUrl, baseUrl).toString();\n  return callbackUrl.toString();\n};\n"]}

package/dist/index-DoDoIY_K.d.mts

@@ -0,0 +1,79 @@
+import { TokenResponseBody } from 'oslo/oauth2';
+import { JWT } from 'oslo/jwt';
+
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+interface AuthSessionService {
+    loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
+    getAuthorizationUrl(scopes: string[], overrideDisplayMode: DisplayMode, nonce?: string): Promise<string>;
+    signIn(displayMode: DisplayMode, scopes: string[], nonce?: string): Promise<void>;
+    tokenExchange(responseUrl: string): Promise<SessionData>;
+    getSessionData(): SessionData;
+    updateSessionData(data: SessionData): void;
+    getUserInfoService(): Promise<UserInfoService>;
+}
+interface UserInfoService {
+    getUserInfo<T extends UnknownObject>(accessToken: string, idToken: string | null): Promise<User<T> | null>;
+}
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    timestamp?: number;
+    expiresIn?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+};
+type ParsedTokens = {
+    id_token: JWTPayload;
+    access_token: JWTPayload;
+    refresh_token?: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type JWTPayload = JWT["payload"] & {
+    iss: string;
+    aud: string;
+    sub: string;
+    iat: number;
+    exp: number;
+};
+type Tokens = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+    forwardedTokens: ForwardedTokens;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject = EmptyObject> = BaseUser & Tokens & T;
+
+export type { AuthSessionService as A, Config as C, DisplayMode as D, Endpoints as E, ForwardedTokens as F, OIDCTokenResponseBody as O, ParsedTokens as P, SessionData as S, Tokens as T, User as U, UnknownObject as a, UserInfoService as b };

package/dist/index-DoDoIY_K.d.ts

@@ -0,0 +1,79 @@
+import { TokenResponseBody } from 'oslo/oauth2';
+import { JWT } from 'oslo/jwt';
+
+type UnknownObject = Record<string, unknown>;
+type EmptyObject = Record<string, never>;
+type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
+interface AuthSessionService {
+    loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
+    getAuthorizationUrl(scopes: string[], overrideDisplayMode: DisplayMode, nonce?: string): Promise<string>;
+    signIn(displayMode: DisplayMode, scopes: string[], nonce?: string): Promise<void>;
+    tokenExchange(responseUrl: string): Promise<SessionData>;
+    getSessionData(): SessionData;
+    updateSessionData(data: SessionData): void;
+    getUserInfoService(): Promise<UserInfoService>;
+}
+interface UserInfoService {
+    getUserInfo<T extends UnknownObject>(accessToken: string, idToken: string | null): Promise<User<T> | null>;
+}
+type Endpoints = {
+    jwks: string;
+    auth: string;
+    token: string;
+    userinfo: string;
+    challenge?: string;
+};
+type Config = {
+    oauthServer: string;
+    endpoints?: Endpoints;
+};
+type SessionData = {
+    authenticated: boolean;
+    state?: string;
+    accessToken?: string;
+    refreshToken?: string;
+    idToken?: string;
+    timestamp?: number;
+    expiresIn?: number;
+    codeVerifier?: string;
+    displayMode?: DisplayMode;
+    openerUrl?: string;
+};
+type OIDCTokenResponseBody = TokenResponseBody & {
+    id_token: string;
+};
+type ParsedTokens = {
+    id_token: JWTPayload;
+    access_token: JWTPayload;
+    refresh_token?: string;
+};
+type ForwardedTokens = Record<string, {
+    idToken?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}>;
+type JWTPayload = JWT["payload"] & {
+    iss: string;
+    aud: string;
+    sub: string;
+    iat: number;
+    exp: number;
+};
+type Tokens = {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+    forwardedTokens: ForwardedTokens;
+};
+type BaseUser = {
+    id: string;
+    email?: string;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    updated_at?: Date;
+};
+type User<T extends UnknownObject = EmptyObject> = BaseUser & Tokens & T;
+
+export type { AuthSessionService as A, Config as C, DisplayMode as D, Endpoints as E, ForwardedTokens as F, OIDCTokenResponseBody as O, ParsedTokens as P, SessionData as S, Tokens as T, User as U, UnknownObject as a, UserInfoService as b };

package/dist/index.css

@@ -107,7 +107,7 @@
   --tw-contain-paint: ;
   --tw-contain-style: ;
 }
-.cac-sr-only {
+.sr-only {
   position: absolute;
   width: 1px;
   height: 1px;
@@ -118,178 +118,185 @@
   white-space: nowrap;
   border-width: 0;
 }
-.cac-absolute {
+.static {
+  position: static;
+}
+.absolute {
   position: absolute;
 }
-.cac-relative {
+.relative {
   position: relative;
 }
-.cac-inset-0 {
+.inset-0 {
   inset: 0px;
 }
-.cac-left-0 {
+.left-0 {
   left: 0px;
 }
-.cac-right-0 {
+.right-0 {
   right: 0px;
 }
-.cac-right-4 {
+.right-4 {
   right: 1rem;
 }
-.cac-top-0 {
+.top-0 {
   top: 0px;
 }
-.cac-top-4 {
+.top-4 {
   top: 1rem;
 }
-.cac-z-50 {
+.z-50 {
   z-index: 50;
 }
-.cac-mt-2 {
+.mt-2 {
   margin-top: 0.5rem;
 }
-.cac-block {
+.block {
   display: block;
 }
-.cac-inline {
+.inline {
   display: inline;
 }
-.cac-flex {
+.flex {
   display: flex;
 }
-.cac-hidden {
+.hidden {
   display: none;
 }
-.cac-h-10 {
+.h-10 {
   height: 2.5rem;
 }
-.cac-h-8 {
+.h-8 {
   height: 2rem;
 }
-.cac-h-\[26rem\] {
-  height: 26rem;
+.h-96 {
+  height: 24rem;
 }
-.cac-h-full {
+.h-full {
   height: 100%;
 }
-.cac-h-screen {
+.h-screen {
   height: 100vh;
 }
-.cac-w-10 {
+.w-10 {
   width: 2.5rem;
 }
-.cac-w-8 {
+.w-8 {
   width: 2rem;
 }
-.cac-w-full {
+.w-80 {
+  width: 20rem;
+}
+.w-full {
   width: 100%;
 }
-.cac-w-screen {
+.w-screen {
   width: 100vw;
 }
-.cac-min-w-72 {
-  min-width: 18rem;
-}
-.cac-shrink-0 {
+.shrink-0 {
   flex-shrink: 0;
 }
-@keyframes cac-spin {
+@keyframes spin {
   to {
     transform: rotate(360deg);
   }
 }
-.cac-animate-spin {
-  animation: cac-spin 1s linear infinite;
+.animate-spin {
+  animation: spin 1s linear infinite;
 }
-.cac-cursor-pointer {
+.cursor-pointer {
   cursor: pointer;
 }
-.cac-items-center {
+.items-center {
   align-items: center;
 }
-.cac-justify-center {
+.justify-center {
   justify-content: center;
 }
-.cac-justify-between {
+.justify-between {
   justify-content: space-between;
 }
-.cac-gap-2 {
+.gap-2 {
   gap: 0.5rem;
 }
-.cac-overflow-hidden {
+.overflow-hidden {
   overflow: hidden;
 }
-.cac-rounded-3xl {
+.rounded-3xl {
   border-radius: 1.5rem;
 }
-.cac-rounded-full {
+.rounded-full {
   border-radius: 9999px;
 }
-.cac-rounded-lg {
+.rounded-lg {
   border-radius: 0.5rem;
 }
-.cac-border {
+.border {
   border-width: 1px;
 }
-.cac-border-none {
+.border-none {
   border-style: none;
 }
-.cac-border-neutral-500 {
+.border-neutral-500 {
   --tw-border-opacity: 1;
   border-color: rgb(115 115 115 / var(--tw-border-opacity));
 }
-.cac-bg-neutral-950 {
+.bg-neutral-100 {
+  --tw-bg-opacity: 1;
+  background-color: rgb(245 245 245 / var(--tw-bg-opacity));
+}
+.bg-neutral-950 {
   --tw-bg-opacity: 1;
   background-color: rgb(10 10 10 / var(--tw-bg-opacity));
 }
-.cac-bg-transparent {
+.bg-transparent {
   background-color: transparent;
 }
-.cac-bg-white {
+.bg-white {
   --tw-bg-opacity: 1;
   background-color: rgb(255 255 255 / var(--tw-bg-opacity));
 }
-.cac-bg-opacity-50 {
+.bg-opacity-50 {
   --tw-bg-opacity: 0.5 ;
 }
-.cac-fill-neutral-600 {
+.fill-neutral-600 {
   fill: #525252;
 }
-.cac-object-cover {
+.object-cover {
   -o-object-fit: cover;
   object-fit: cover;
 }
-.cac-p-1 {
+.p-1 {
   padding: 0.25rem;
 }
-.cac-p-2 {
-  padding: 0.5rem;
+.p-6 {
+  padding: 1.5rem;
 }
-.cac-px-3 {
+.px-3 {
   padding-left: 0.75rem;
   padding-right: 0.75rem;
 }
-.cac-px-4 {
+.px-4 {
   padding-left: 1rem;
   padding-right: 1rem;
 }
-.cac-py-2 {
+.py-2 {
   padding-top: 0.5rem;
   padding-bottom: 0.5rem;
 }
-.cac-text-neutral-200 {
+.text-neutral-200 {
   --tw-text-opacity: 1;
   color: rgb(229 229 229 / var(--tw-text-opacity));
 }
-.cac-text-neutral-400 {
+.text-neutral-400 {
   --tw-text-opacity: 1;
   color: rgb(163 163 163 / var(--tw-text-opacity));
 }
-.cac-text-neutral-500 {
+.text-neutral-500 {
   --tw-text-opacity: 1;
   color: rgb(115 115 115 / var(--tw-text-opacity));
 }
-.cac-shadow-lg {
+.shadow-lg {
   --tw-shadow: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
   --tw-shadow-colored: 0 10px 15px -3px var(--tw-shadow-color), 0 4px 6px -4px var(--tw-shadow-color);
   box-shadow:
@@ -297,7 +304,7 @@
     var(--tw-ring-shadow, 0 0 #0000),
     var(--tw-shadow);
 }
-.cac-shadow-xl {
+.shadow-xl {
   --tw-shadow: 0 20px 25px -5px rgb(0 0 0 / 0.1), 0 8px 10px -6px rgb(0 0 0 / 0.1);
   --tw-shadow-colored: 0 20px 25px -5px var(--tw-shadow-color), 0 8px 10px -6px var(--tw-shadow-color);
   box-shadow:
@@ -305,7 +312,7 @@
     var(--tw-ring-shadow, 0 0 #0000),
     var(--tw-shadow);
 }
-.cac-transition-colors {
+.transition-colors {
   transition-property:
     color,
     background-color,
@@ -316,23 +323,18 @@
   transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
   transition-duration: 150ms;
 }
-.hover\:cac-bg-neutral-200:hover {
+.hover\:bg-neutral-200:hover {
   --tw-bg-opacity: 1;
   background-color: rgb(229 229 229 / var(--tw-bg-opacity));
 }
-.hover\:cac-bg-opacity-50:hover {
+.hover\:bg-opacity-50:hover {
   --tw-bg-opacity: 0.5 ;
 }
-@media (min-width: 640px) {
-  .sm\:cac-p-6 {
-    padding: 1.5rem;
-  }
-}
 @media (prefers-color-scheme: dark) {
-  .dark\:cac-fill-neutral-300 {
+  .dark\:fill-neutral-300 {
     fill: #d4d4d4;
   }
-  .dark\:cac-text-neutral-600 {
+  .dark\:text-neutral-600 {
     --tw-text-opacity: 1;
     color: rgb(82 82 82 / var(--tw-text-opacity));
   }