@civic/auth 0.0.1-beta.3 → 0.0.1-beta.31

package/dist/nextjs.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","../src/shared/UserSession.ts","../src/nextjs/cookies.ts","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"names":["getUser","NextResponse"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACbO,IAAM,mBAAA,EAAN,MAAgD;AAAA,EACrD,WAAA,CAAqB,OAAA,EAAsB;AAAtB,IAAA,IAAA,CAAA,QAAA,EAAA,OAAA;AAAA,EAAuB;AAAA,EAE5C,GAAA,CAAA,EAAmB;AACjB,IAAA,MAAM,KAAA,EAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAA,iBAA4B,CAAA;AACtD,IAAA,OAAO,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,IAAI,EAAA,EAAI,IAAA;AAAA,EACnC;AAAA,EAEA,GAAA,CAAI,IAAA,EAAyB;AAC3B,IAAA,MAAM,MAAA,EAAQ,KAAA,EAAO,IAAA,CAAK,SAAA,CAAU,IAAI,EAAA,EAAI,EAAA;AAC5C,IAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAA,iBAAA,EAA8B,KAAK,CAAA;AAAA,EAClD;AACF,CAAA;ADeA;AACA;AEjCA,4CAAwB;AA4ExB,IAAM,iBAAA,EAAmB,CAAA,EAAA,GAAY,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAEnC,EAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,EAAA,0CAAA,aAAyB,CAAA;AAGzB,EAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,kBAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AACtB,CAAA,CAAA;AAEA,IAAM,oBAAA,EAAN,MAAA,QAAkC,+BAAc;AAAA,EAC9C,WAAA,CAAY,OAAA,EAAyC,CAAC,CAAA,EAAG;AACvD,IAAA,KAAA,CAAM,4CAAA,6CAAA,CAAA,CAAA,EACD,MAAA,CAAA,EADC;AAAA,MAEJ,MAAA,EAAQ,IAAA;AAAA,MACR,QAAA,EAAU;AAAA,IACZ,CAAA,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,GAAA,CAAI,GAAA,EAA4B;AApGlC,IAAA,IAAA,EAAA;AAqGI,IAAA,OAAA,CAAA,CAAO,GAAA,EAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAG,CAAA,EAAA,GAAjB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAoB,KAAA,EAAA,GAAS,IAAA;AAAA,EACtC;AAAA,EAEA,GAAA,CAAI,GAAA,EAAa,KAAA,EAAqB;AACpC,IAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAA,EAAK,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA;AAAA,EACzC;AACF,CAAA;AAEA,IAAM,oBAAA,EAAN,MAAA,QAAkC,+BAAc;AAAA,EAC9C,WAAA,CAAY,OAAA,EAAyC,CAAC,CAAA,EAAG;AACvD,IAAA,KAAA,CAAM,4CAAA,6CAAA,CAAA,CAAA,EACD,MAAA,CAAA,EADC;AAAA,MAEJ,MAAA,EAAQ,KAAA;AAAA,MACR,QAAA,EAAU;AAAA,IACZ,CAAA,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,GAAA,CAAI,GAAA,EAA4B;AAtHlC,IAAA,IAAA,EAAA;AAuHI,IAAA,OAAA,CAAA,CAAO,GAAA,EAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAG,CAAA,EAAA,GAAjB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAoB,KAAA,EAAA,GAAS,IAAA;AAAA,EACtC;AAAA,EAEA,GAAA,CAAI,GAAA,EAAa,KAAA,EAAqB;AACpC,IAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAA,EAAK,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA;AAAA,EACzC;AACF,CAAA;AFjDA;AACA;AGtEO,IAAMA,SAAAA,EAAU,CAAA,EAAA,GAAmB;AACxC,EAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,kBAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,OAAO,WAAA,CAAY,GAAA,CAAI,CAAA;AACzB,CAAA;AHwEA;AACA;AI/DA,0CAA0C;AAC1C,4FAAsB;AAgBtB,IAAM,UAAA,EAAY,CAAC,QAAA,EAAkB,WAAA,EAAA,GAAwB;AAC3D,EAAA,MAAM,QAAA,EAAU,iCAAA,WAAqB,CAAA;AACrC,EAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA;AACzB,CAAA;AAOA,IAAM,aAAA,EAAe,CAAC,QAAA,EAAkB,QAAA,EAAA,GACtC,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,EAAA,GAAY;AACzB,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS,OAAO,KAAA;AACrB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY;AAAA,IACtB,OAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA,EAAO,SAAA,CAAU,QAAA,EAAU,OAAO;AAAA,EACpC,CAAC,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,QAAA,EAAU,OAAO,CAAA;AACpC,CAAC,CAAA;AAGH,IAAM,UAAA,EAAY,CAChB,UAAA,EACA,OAAA,EAAA,GACsC,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtC,EAAA,MAAM,uBAAA,EAAyB,gDAAA,UAA4B,CAAA;AAI3D,EAAA,MAAM,gBAAA,EAAkB,CAAC,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGxD,EAAA,GAAA,CAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,IAAa,sBAAA,CAAuB,QAAA,EAAU;AAChE,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC3E,IAAA,OAAA,CAAQ,GAAA,CAAI,2DAAsD,CAAA;AAClE,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC1E,IAAA,OAAA,CAAQ,GAAA,CAAI,uDAAkD,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAGA,EAAA,GAAA,CAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,MAAM,SAAA,EAAW,IAAI,GAAA,CAAI,sBAAA,CAAuB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA;AACrE,IAAA,OAAO,sBAAA,CAAa,QAAA,CAAS,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ,GAAA,CAAI,0BAAqB,CAAA;AACjC,EAAA,OAAO,KAAA,CAAA;AACT,CAAA,CAAA;AAUO,IAAM,eAAA,EACX,CAAC,WAAA,EAAa,kCAAA,EAAA,GACd,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,EAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAIrB,EAAA,OAAO,sBAAA,CAAa,IAAA,CAAK,CAAA;AAC3B,CAAA,CAAA;AAWK,SAAS,QAAA,CACd,UAAA,EACiD;AACjD,EAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,IAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,CAAC,CAAA,EAAG,OAAO,CAAA;AAC5C,IAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,IAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,EAC3B,CAAA,CAAA;AACF;AAeO,SAAS,IAAA,CAAK,WAAA,EAAyB,CAAC,CAAA,EAAG;AAChD,EAAA,OAAO,CACL,UAAA,EAAA,GACsD;AACtD,IAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,MAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,MAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,MAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,IAC3B,CAAA,CAAA;AAAA,EACF,CAAA;AACF;AJdA;AACA;AKjJA;AACA,wCAA+B;AAc/B,IAAM,OAAA,EAAS,wBAAA,CAAQ,MAAA,CAAO,QAAA,CAAS,IAAA;AAEvC,IAAM,UAAA,EAAN,MAAA,QAAwB,MAAM;AAAA,EAC5B,WAAA,CACE,OAAA,EACgB,OAAA,EAAiB,GAAA,EACjC;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,WAAA;AAAA,EACd;AACF,CAAA;AAOA,SAAe,eAAA,CAAA,EAAyC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtD,IAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,aAAA,EAAe,IAAI,qDAAA,CAAgC,aAAa,CAAA;AAEtE,IAAA,MAAM,UAAA,EAAY,MAAM,YAAA,CAAa,gBAAA,CAAiB,CAAA;AAEtD,IAAA,OAAOC,sBAAAA,CAAa,IAAA,CAAK,EAAE,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAC,CAAA;AAAA,EAC3D,CAAA,CAAA;AAAA;AAEA,SAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACvB,IAAA,MAAM,KAAA,EAAO,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACpD,IAAA,MAAM,MAAA,EAAQ,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AACtD,IAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,KAAA,EAAO,MAAM,IAAI,SAAA,CAAU,gBAAA,EAAkB,GAAG,CAAA;AAE9D,IAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAE9C,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,YAAA,EAAc,iDAAA,eAAmB,EAAiB,OAAA,CAAQ,GAAG,CAAA;AAEnE,IAAA,IAAI;AACF,MAAA,MAAM,qDAAA,IAAuB,EAAM,KAAA,EAAO,aAAA,EAAe,4CAAA,6CAAA,CAAA,CAAA,EACpD,eAAA,CAAA,EADoD;AAAA,QAEvD,WAAA,EAAa;AAAA,MACf,CAAA,CAAC,CAAA;AAAA,IACH,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,KAAA,CAAM,wBAAA,EAA0B,KAAK,CAAA;AAC5C,MAAA,MAAM,IAAI,SAAA,CAAU,6BAAA,EAA+B,GAAG,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,KAAA,EAAO,MAAM,sCAAA,aAAqB,CAAA;AACxC,IAAA,GAAA,CAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA,CAAU,yBAAA,EAA2B,GAAG,CAAA;AAAA,IACpD;AAEA,IAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,YAAA,EAAc,IAAI,kBAAA,CAAmB,aAAa,CAAA;AAExD,IAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AAKpB,IAAA,MAAM,SAAA,EAAW,IAAIA,2BAAAA,CAAa,CAAA,aAAA,CAAe,CAAA;AACjD,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,0BAA0B,CAAA;AAC/D,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAQA,IAAM,wBAAA,EAA0B,CAC9B,YAAA,EACA,eAAA,EAAA,GACG;AAEH,EAAA,GAAA,CAAI,yBAAA,CAA0B,IAAA,CAAK,YAAY,CAAA,EAAG;AAChD,IAAA,OAAO,YAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,YAAA,EAAc,eAAe,CAAA,CAAE,IAAA;AAChD,CAAA;AAEA,SAAe,YAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAtGzB,IAAA,IAAA,EAAA;AAuGE,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,oBAAA,EAAA,CAAsB,GAAA,EAAA,eAAA,CAAgB,QAAA,EAAA,GAAhB,KAAA,EAAA,GAAA,EAA4B,GAAA;AACxD,IAAA,MAAM,eAAA,EACJ,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,YAAA,CAAa,GAAA,CAAI,UAAU,EAAA,GAAK,mBAAA;AACvD,IAAA,MAAM,mBAAA,EAAqB,yBAAA,CAA0B,IAAA,CAAK,cAAc,CAAA;AACxE,IAAA,MAAM,iBAAA,EAAmB,uBAAA;AAAA,MACvB,cAAA;AAAA,MACA,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE;AAAA,IACvB,CAAA;AAEA,IAAA,MAAM,SAAA,EAAWA,sBAAAA,CAAa,QAAA,CAAS,gBAAgB,CAAA;AAEvD,IAAA,gBAAA,CAAiB,CAAA;AAEjB,IAAA,IAAI;AACF,MAAA,qCAAA,mBAAe,EAAqB,iBAAA,EAAmB,cAAc,CAAA;AAAA,IACvE,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,IAAA,CAAK,yCAAA,EAA2C,KAAK,CAAA;AAAA,IAC9D;AAEA,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAcO,IAAM,QAAA,EACX,CAAC,WAAA,EAAa,CAAC,CAAA,EAAA,GACf,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,OAAA,EAAS,gDAAA,UAA4B,CAAA;AAE3C,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,QAAA;AACjC,IAAA,MAAM,aAAA,EAAe,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AACvC,IAAA,MAAM,YAAA,EAAc,YAAA,CAAa,YAAA,CAAa,OAAA,EAAS,CAAC,CAAA;AAExD,IAAA,OAAA,CAAQ,WAAA,EAAa;AAAA,MACnB,KAAK,WAAA;AACH,QAAA,OAAO,MAAM,eAAA,CAAgB,CAAA;AAAA,MAC/B,KAAK,UAAA;AACH,QAAA,OAAO,MAAM,cAAA,CAAe,OAAA,EAAS,MAAM,CAAA;AAAA,MAC7C,KAAK,QAAA;AACH,QAAA,OAAO,MAAM,YAAA,CAAa,OAAA,EAAS,MAAM,CAAA;AAAA,MAC3C,OAAA;AACE,QAAA,MAAM,IAAI,SAAA,CAAU,CAAA,oBAAA,EAAuB,QAAQ,CAAA,CAAA;AACvD,IAAA;AACc,EAAA;AAC2B,IAAA;AAES,IAAA;AAEjB,IAAA;AAEsB,IAAA;AAEtC,IAAA;AACV,IAAA;AACT,EAAA;AACF;AL0E0D;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","sourcesContent":[null,"import { AuthStorage } from \"@/server\";\nimport { User } from \"@/types\";\nimport { NextjsClientCookies } from \"./types\";\n\nexport interface UserSession {\n  get(): User | null;\n  set(user: User): void;\n}\n\nexport class GenericUserSession implements UserSession {\n  constructor(readonly storage: AuthStorage) {}\n\n  get(): User | null {\n    const user = this.storage.get(NextjsClientCookies.USER);\n    return user ? JSON.parse(user) : null;\n  }\n\n  set(user: User | null): void {\n    const value = user ? JSON.stringify(user) : \"\";\n    this.storage.set(NextjsClientCookies.USER, value);\n  }\n}\n","import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"./config\";\nimport { CookieStorage, CookieStorageSettings } from \"@/server\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { clearTokens } from \"@/shared/util\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n  response: NextResponse,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  const maxAge = sessionData.expiresIn ?? 3600;\n  const cookieOptions = {\n    ...config.cookies?.tokens,\n    maxAge,\n  };\n\n  if (sessionData.accessToken) {\n    response.cookies.set(\"access_token\", sessionData.accessToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.idToken) {\n    response.cookies.set(\"id_token\", sessionData.idToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.refreshToken) {\n    response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n  response: NextResponse,\n  user: User<UnknownObject> | null,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  if (!user) {\n    response.cookies.set(\"user\", \"\", {\n      ...config.cookies?.user,\n      maxAge: 0,\n    });\n    return;\n  }\n  const maxAge = sessionData.expiresIn ?? 3600;\n\n  // TODO select fields to include in the user cookie\n  const frontendUser = {\n    ...user,\n  };\n\n  // TODO make call to get user info from the\n  // auth server /userinfo endpoint when it's available\n  // then add to the default claims above\n\n  response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n    ...config.cookies?.user,\n    maxAge,\n  });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async () => {\n  // clear session, and tokens\n  const cookieStorage = new NextjsCookieStorage();\n  clearTokens(cookieStorage);\n\n  // clear user\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  userSession.set(null);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n  constructor(config: Partial<CookieStorageSettings> = {}) {\n    super({\n      ...config,\n      secure: true,\n      httpOnly: true,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: string, value: string): void {\n    cookies().set(key, value, this.settings);\n  }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n  constructor(config: Partial<CookieStorageSettings> = {}) {\n    super({\n      ...config,\n      secure: false,\n      httpOnly: false,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: string, value: string): void {\n    cookies().set(key, value, this.settings);\n  }\n}\n\nexport {\n  createTokenCookies,\n  createUserInfoCookie,\n  clearAuthCookies,\n  NextjsCookieStorage,\n  NextjsClientStorage,\n};\n","/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"./cookies\";\n\nexport const getUser = (): User | null => {\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  return userSession.get();\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n *    console.log('in custom middleware', request.nextUrl.pathname);\n *    return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n *   console.log('in custom middleware', request.url);\n *   return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n  AuthConfig,\n  defaultAuthConfig,\n  resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n  request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n  const matches = picomatch(globPattern);\n  return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n  patterns.some((pattern) => {\n    if (!pattern) return false;\n    console.log(\"matching\", {\n      pattern,\n      pathname,\n      match: matchGlob(pathname, pattern),\n    });\n    return matchGlob(pathname, pattern);\n  });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n  authConfig: AuthConfig,\n  request: NextRequest,\n): Promise<NextResponse | undefined> => {\n  const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n  // Check for any valid auth token\n  // TODO check if token is not expired\n  const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n  // skip auth check for login url\n  if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n    console.log(\"→ Skipping auth check - this is the login URL\");\n    return undefined;\n  }\n\n  if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n    console.log(\"→ Skipping auth check - path not in include patterns\");\n    return undefined;\n  }\n\n  if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n    console.log(\"→ Skipping auth check - path in exclude patterns\");\n    return undefined;\n  }\n\n  // Check for either token type\n  if (!isAuthenticated) {\n    console.log(\"→ No valid token found - redirecting to login\");\n    const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n    return NextResponse.redirect(loginUrl);\n  }\n\n  console.log(\"→ Auth check passed\");\n  return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n  (authConfig = defaultAuthConfig) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const response = await applyAuth(authConfig, request);\n    if (response) return response;\n\n    // NextJS doesn't do middleware chaining yet, so this does not mean\n    // \"call the next middleware\" - it means \"continue to the route handler\"\n    return NextResponse.next();\n  };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n  middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n  return async (request: NextRequest): Promise<NextResponse> => {\n    const response = await applyAuth({}, request);\n    if (response) return response;\n    return middleware(request);\n  };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n  return (\n    middleware: Middleware,\n  ): ((request: NextRequest) => Promise<NextResponse>) => {\n    return async (request: NextRequest): Promise<NextResponse> => {\n      const response = await applyAuth(authConfig, request);\n      if (response) return response;\n      return middleware(request);\n    };\n  };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n  clearAuthCookies,\n  NextjsClientStorage,\n  NextjsCookieStorage,\n} from \"./cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/server/session.js\";\nimport { resolveCallbackUrl } from \"./utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n  constructor(\n    message: string,\n    public readonly status: number = 401,\n  ) {\n    super(message);\n    this.name = \"AuthError\";\n  }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n  const cookieStorage = new NextjsCookieStorage();\n  const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n  const challenge = await pkceProducer.getCodeChallenge();\n\n  return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const code = request.nextUrl.searchParams.get(\"code\");\n  const state = request.nextUrl.searchParams.get(\"state\");\n  if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n  const cookieStorage = new NextjsCookieStorage();\n\n  const resolvedConfigs = resolveAuthConfig(config);\n  const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n\n  try {\n    await resolveOAuthAccessCode(code, state, cookieStorage, {\n      ...resolvedConfigs,\n      redirectUrl: callbackUrl,\n    });\n  } catch (error) {\n    logger.error(\"Token exchange failed:\", error);\n    throw new AuthError(\"Failed to authenticate user\", 401);\n  }\n\n  const user = await getUser(cookieStorage);\n  if (!user) {\n    throw new AuthError(\"Failed to get user info\", 401);\n  }\n\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n\n  userSession.set(user);\n\n  // return an empty HTML response so the iframe doesn't show any response\n  // in the short moment between the redirect and the parent window\n  // acknowledging the redirect and closing the iframe\n  const response = new NextResponse(`<html></html>`);\n  response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n  return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n  redirectPath: string,\n  currentBasePath: string,\n) => {\n  // Check if the redirectPath is an absolute URL\n  if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n    return redirectPath; // Return as-is if it's an absolute URL\n  }\n  return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const resolvedConfigs = resolveAuthConfig(config);\n  const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n  const redirectTarget =\n    new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n  const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n  const finalRedirectUrl = getAbsoluteRedirectPath(\n    redirectTarget,\n    new URL(request.url).origin,\n  );\n\n  const response = NextResponse.redirect(finalRedirectUrl);\n\n  clearAuthCookies();\n\n  try {\n    revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n  } catch (error) {\n    logger.warn(\"Failed to revalidate path after logout:\", error);\n  }\n\n  return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n *   // optional config overrides\n * })\n * ```\n */\nexport const handler =\n  (authConfig = {}) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const config = resolveAuthConfig(authConfig);\n\n    try {\n      const pathname = request.nextUrl.pathname;\n      const pathSegments = pathname.split(\"/\");\n      const lastSegment = pathSegments[pathSegments.length - 1];\n\n      switch (lastSegment) {\n        case \"challenge\":\n          return await handleChallenge();\n        case \"callback\":\n          return await handleCallback(request, config);\n        case \"logout\":\n          return await handleLogout(request, config);\n        default:\n          throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n      }\n    } catch (error) {\n      logger.error(\"Auth handler error:\", error);\n\n      const status = error instanceof AuthError ? error.status : 500;\n      const message =\n        error instanceof Error ? error.message : \"Authentication failed\";\n\n      const response = NextResponse.json({ error: message }, { status });\n\n      clearAuthCookies();\n      return response;\n    }\n  };\n"]}

package/dist/nextjs.mjs

@@ -1,253 +0,0 @@
-import {
-  createCivicAuthPlugin,
-  defaultAuthConfig,
-  loggers,
-  resolveAuthConfig,
-  resolveCallbackUrl
-} from "./chunk-NQPMNXBL.mjs";
-import {
-  CookieStorage,
-  GenericPublicClientPKCEProducer,
-  getUser,
-  resolveOAuthAccessCode
-} from "./chunk-UV56GNIT.mjs";
-import {
-  clearTokens
-} from "./chunk-GNGLWGZJ.mjs";
-import {
-  __async,
-  __spreadProps,
-  __spreadValues
-} from "./chunk-RGHW4PYM.mjs";
-
-// src/shared/UserSession.ts
-var GenericUserSession = class {
-  constructor(storage) {
-    this.storage = storage;
-  }
-  get() {
-    const user = this.storage.get("user" /* USER */);
-    return user ? JSON.parse(user) : null;
-  }
-  set(user) {
-    const value = user ? JSON.stringify(user) : "";
-    this.storage.set("user" /* USER */, value);
-  }
-};
-
-// src/nextjs/cookies.ts
-import { cookies } from "next/headers.js";
-var clearAuthCookies = () => __async(void 0, null, function* () {
-  const cookieStorage = new NextjsCookieStorage();
-  clearTokens(cookieStorage);
-  const clientStorage = new NextjsClientStorage();
-  const userSession = new GenericUserSession(clientStorage);
-  userSession.set(null);
-});
-var NextjsCookieStorage = class extends CookieStorage {
-  constructor(config = {}) {
-    super(__spreadProps(__spreadValues({}, config), {
-      secure: true,
-      httpOnly: true
-    }));
-  }
-  get(key) {
-    var _a;
-    return ((_a = cookies().get(key)) == null ? void 0 : _a.value) || null;
-  }
-  set(key, value) {
-    cookies().set(key, value, this.settings);
-  }
-};
-var NextjsClientStorage = class extends CookieStorage {
-  constructor(config = {}) {
-    super(__spreadProps(__spreadValues({}, config), {
-      secure: false,
-      httpOnly: false
-    }));
-  }
-  get(key) {
-    var _a;
-    return ((_a = cookies().get(key)) == null ? void 0 : _a.value) || null;
-  }
-  set(key, value) {
-    cookies().set(key, value, this.settings);
-  }
-};
-
-// src/nextjs/GetUser.ts
-var getUser2 = () => {
-  const clientStorage = new NextjsClientStorage();
-  const userSession = new GenericUserSession(clientStorage);
-  return userSession.get();
-};
-
-// src/nextjs/middleware.ts
-import { NextResponse } from "next/server.js";
-import picomatch from "picomatch";
-var matchGlob = (pathname, globPattern) => {
-  const matches = picomatch(globPattern);
-  return matches(pathname);
-};
-var matchesGlobs = (pathname, patterns) => patterns.some((pattern) => {
-  if (!pattern) return false;
-  console.log("matching", {
-    pattern,
-    pathname,
-    match: matchGlob(pathname, pattern)
-  });
-  return matchGlob(pathname, pattern);
-});
-var applyAuth = (authConfig, request) => __async(void 0, null, function* () {
-  const authConfigWithDefaults = resolveAuthConfig(authConfig);
-  const isAuthenticated = !!request.cookies.get("id_token");
-  if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {
-    console.log("\u2192 Skipping auth check - this is the login URL");
-    return void 0;
-  }
-  if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {
-    console.log("\u2192 Skipping auth check - path not in include patterns");
-    return void 0;
-  }
-  if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {
-    console.log("\u2192 Skipping auth check - path in exclude patterns");
-    return void 0;
-  }
-  if (!isAuthenticated) {
-    console.log("\u2192 No valid token found - redirecting to login");
-    const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);
-    return NextResponse.redirect(loginUrl);
-  }
-  console.log("\u2192 Auth check passed");
-  return void 0;
-});
-var authMiddleware = (authConfig = defaultAuthConfig) => (request) => __async(void 0, null, function* () {
-  const response = yield applyAuth(authConfig, request);
-  if (response) return response;
-  return NextResponse.next();
-});
-function withAuth(middleware) {
-  return (request) => __async(this, null, function* () {
-    const response = yield applyAuth({}, request);
-    if (response) return response;
-    return middleware(request);
-  });
-}
-function auth(authConfig = {}) {
-  return (middleware) => {
-    return (request) => __async(this, null, function* () {
-      const response = yield applyAuth(authConfig, request);
-      if (response) return response;
-      return middleware(request);
-    });
-  };
-}
-
-// src/nextjs/routeHandler.ts
-import { NextResponse as NextResponse2 } from "next/server.js";
-import { revalidatePath } from "next/cache.js";
-var logger = loggers.nextjs.handlers.auth;
-var AuthError = class extends Error {
-  constructor(message, status = 401) {
-    super(message);
-    this.status = status;
-    this.name = "AuthError";
-  }
-};
-function handleChallenge() {
-  return __async(this, null, function* () {
-    const cookieStorage = new NextjsCookieStorage();
-    const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);
-    const challenge = yield pkceProducer.getCodeChallenge();
-    return NextResponse2.json({ status: "success", challenge });
-  });
-}
-function handleCallback(request, config) {
-  return __async(this, null, function* () {
-    const code = request.nextUrl.searchParams.get("code");
-    const state = request.nextUrl.searchParams.get("state");
-    if (!code || !state) throw new AuthError("Bad parameters", 400);
-    const cookieStorage = new NextjsCookieStorage();
-    const resolvedConfigs = resolveAuthConfig(config);
-    const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);
-    try {
-      yield resolveOAuthAccessCode(code, state, cookieStorage, __spreadProps(__spreadValues({}, resolvedConfigs), {
-        redirectUrl: callbackUrl
-      }));
-    } catch (error) {
-      logger.error("Token exchange failed:", error);
-      throw new AuthError("Failed to authenticate user", 401);
-    }
-    const user = yield getUser(cookieStorage);
-    if (!user) {
-      throw new AuthError("Failed to get user info", 401);
-    }
-    const clientStorage = new NextjsClientStorage();
-    const userSession = new GenericUserSession(clientStorage);
-    userSession.set(user);
-    const response = new NextResponse2(`<html></html>`);
-    response.headers.set("Content-Type", "text/html; charset=utf-8");
-    return response;
-  });
-}
-var getAbsoluteRedirectPath = (redirectPath, currentBasePath) => {
-  if (/^(https?:\/\/|www\.).+/i.test(redirectPath)) {
-    return redirectPath;
-  }
-  return new URL(redirectPath, currentBasePath).href;
-};
-function handleLogout(request, config) {
-  return __async(this, null, function* () {
-    var _a;
-    const resolvedConfigs = resolveAuthConfig(config);
-    const defaultRedirectPath = (_a = resolvedConfigs.loginUrl) != null ? _a : "/";
-    const redirectTarget = new URL(request.url).searchParams.get("redirect") || defaultRedirectPath;
-    const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
-    const finalRedirectUrl = getAbsoluteRedirectPath(
-      redirectTarget,
-      new URL(request.url).origin
-    );
-    const response = NextResponse2.redirect(finalRedirectUrl);
-    clearAuthCookies();
-    try {
-      revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);
-    } catch (error) {
-      logger.warn("Failed to revalidate path after logout:", error);
-    }
-    return response;
-  });
-}
-var handler = (authConfig = {}) => (request) => __async(void 0, null, function* () {
-  const config = resolveAuthConfig(authConfig);
-  try {
-    const pathname = request.nextUrl.pathname;
-    const pathSegments = pathname.split("/");
-    const lastSegment = pathSegments[pathSegments.length - 1];
-    switch (lastSegment) {
-      case "challenge":
-        return yield handleChallenge();
-      case "callback":
-        return yield handleCallback(request, config);
-      case "logout":
-        return yield handleLogout(request, config);
-      default:
-        throw new AuthError(`Invalid auth route: ${pathname}`, 404);
-    }
-  } catch (error) {
-    logger.error("Auth handler error:", error);
-    const status = error instanceof AuthError ? error.status : 500;
-    const message = error instanceof Error ? error.message : "Authentication failed";
-    const response = NextResponse2.json({ error: message }, { status });
-    clearAuthCookies();
-    return response;
-  }
-});
-export {
-  auth,
-  authMiddleware,
-  createCivicAuthPlugin,
-  getUser2 as getUser,
-  handler,
-  withAuth
-};
-//# sourceMappingURL=nextjs.mjs.map

package/dist/nextjs.mjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/shared/UserSession.ts","../src/nextjs/cookies.ts","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"sourcesContent":["import { AuthStorage } from \"@/server\";\nimport { User } from \"@/types\";\nimport { NextjsClientCookies } from \"./types\";\n\nexport interface UserSession {\n  get(): User | null;\n  set(user: User): void;\n}\n\nexport class GenericUserSession implements UserSession {\n  constructor(readonly storage: AuthStorage) {}\n\n  get(): User | null {\n    const user = this.storage.get(NextjsClientCookies.USER);\n    return user ? JSON.parse(user) : null;\n  }\n\n  set(user: User | null): void {\n    const value = user ? JSON.stringify(user) : \"\";\n    this.storage.set(NextjsClientCookies.USER, value);\n  }\n}\n","import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"./config\";\nimport { CookieStorage, CookieStorageSettings } from \"@/server\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { clearTokens } from \"@/shared/util\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n  response: NextResponse,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  const maxAge = sessionData.expiresIn ?? 3600;\n  const cookieOptions = {\n    ...config.cookies?.tokens,\n    maxAge,\n  };\n\n  if (sessionData.accessToken) {\n    response.cookies.set(\"access_token\", sessionData.accessToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.idToken) {\n    response.cookies.set(\"id_token\", sessionData.idToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.refreshToken) {\n    response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n  response: NextResponse,\n  user: User<UnknownObject> | null,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  if (!user) {\n    response.cookies.set(\"user\", \"\", {\n      ...config.cookies?.user,\n      maxAge: 0,\n    });\n    return;\n  }\n  const maxAge = sessionData.expiresIn ?? 3600;\n\n  // TODO select fields to include in the user cookie\n  const frontendUser = {\n    ...user,\n  };\n\n  // TODO make call to get user info from the\n  // auth server /userinfo endpoint when it's available\n  // then add to the default claims above\n\n  response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n    ...config.cookies?.user,\n    maxAge,\n  });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async () => {\n  // clear session, and tokens\n  const cookieStorage = new NextjsCookieStorage();\n  clearTokens(cookieStorage);\n\n  // clear user\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  userSession.set(null);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n  constructor(config: Partial<CookieStorageSettings> = {}) {\n    super({\n      ...config,\n      secure: true,\n      httpOnly: true,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: string, value: string): void {\n    cookies().set(key, value, this.settings);\n  }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n  constructor(config: Partial<CookieStorageSettings> = {}) {\n    super({\n      ...config,\n      secure: false,\n      httpOnly: false,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: string, value: string): void {\n    cookies().set(key, value, this.settings);\n  }\n}\n\nexport {\n  createTokenCookies,\n  createUserInfoCookie,\n  clearAuthCookies,\n  NextjsCookieStorage,\n  NextjsClientStorage,\n};\n","/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"./cookies\";\n\nexport const getUser = (): User | null => {\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  return userSession.get();\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n *    console.log('in custom middleware', request.nextUrl.pathname);\n *    return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n *   console.log('in custom middleware', request.url);\n *   return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n  AuthConfig,\n  defaultAuthConfig,\n  resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n  request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n  const matches = picomatch(globPattern);\n  return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n  patterns.some((pattern) => {\n    if (!pattern) return false;\n    console.log(\"matching\", {\n      pattern,\n      pathname,\n      match: matchGlob(pathname, pattern),\n    });\n    return matchGlob(pathname, pattern);\n  });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n  authConfig: AuthConfig,\n  request: NextRequest,\n): Promise<NextResponse | undefined> => {\n  const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n  // Check for any valid auth token\n  // TODO check if token is not expired\n  const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n  // skip auth check for login url\n  if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n    console.log(\"→ Skipping auth check - this is the login URL\");\n    return undefined;\n  }\n\n  if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n    console.log(\"→ Skipping auth check - path not in include patterns\");\n    return undefined;\n  }\n\n  if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n    console.log(\"→ Skipping auth check - path in exclude patterns\");\n    return undefined;\n  }\n\n  // Check for either token type\n  if (!isAuthenticated) {\n    console.log(\"→ No valid token found - redirecting to login\");\n    const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n    return NextResponse.redirect(loginUrl);\n  }\n\n  console.log(\"→ Auth check passed\");\n  return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n  (authConfig = defaultAuthConfig) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const response = await applyAuth(authConfig, request);\n    if (response) return response;\n\n    // NextJS doesn't do middleware chaining yet, so this does not mean\n    // \"call the next middleware\" - it means \"continue to the route handler\"\n    return NextResponse.next();\n  };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n  middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n  return async (request: NextRequest): Promise<NextResponse> => {\n    const response = await applyAuth({}, request);\n    if (response) return response;\n    return middleware(request);\n  };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n  return (\n    middleware: Middleware,\n  ): ((request: NextRequest) => Promise<NextResponse>) => {\n    return async (request: NextRequest): Promise<NextResponse> => {\n      const response = await applyAuth(authConfig, request);\n      if (response) return response;\n      return middleware(request);\n    };\n  };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n  clearAuthCookies,\n  NextjsClientStorage,\n  NextjsCookieStorage,\n} from \"./cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/server/session.js\";\nimport { resolveCallbackUrl } from \"./utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n  constructor(\n    message: string,\n    public readonly status: number = 401,\n  ) {\n    super(message);\n    this.name = \"AuthError\";\n  }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n  const cookieStorage = new NextjsCookieStorage();\n  const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n  const challenge = await pkceProducer.getCodeChallenge();\n\n  return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const code = request.nextUrl.searchParams.get(\"code\");\n  const state = request.nextUrl.searchParams.get(\"state\");\n  if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n  const cookieStorage = new NextjsCookieStorage();\n\n  const resolvedConfigs = resolveAuthConfig(config);\n  const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n\n  try {\n    await resolveOAuthAccessCode(code, state, cookieStorage, {\n      ...resolvedConfigs,\n      redirectUrl: callbackUrl,\n    });\n  } catch (error) {\n    logger.error(\"Token exchange failed:\", error);\n    throw new AuthError(\"Failed to authenticate user\", 401);\n  }\n\n  const user = await getUser(cookieStorage);\n  if (!user) {\n    throw new AuthError(\"Failed to get user info\", 401);\n  }\n\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n\n  userSession.set(user);\n\n  // return an empty HTML response so the iframe doesn't show any response\n  // in the short moment between the redirect and the parent window\n  // acknowledging the redirect and closing the iframe\n  const response = new NextResponse(`<html></html>`);\n  response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n  return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n  redirectPath: string,\n  currentBasePath: string,\n) => {\n  // Check if the redirectPath is an absolute URL\n  if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n    return redirectPath; // Return as-is if it's an absolute URL\n  }\n  return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const resolvedConfigs = resolveAuthConfig(config);\n  const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n  const redirectTarget =\n    new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n  const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n  const finalRedirectUrl = getAbsoluteRedirectPath(\n    redirectTarget,\n    new URL(request.url).origin,\n  );\n\n  const response = NextResponse.redirect(finalRedirectUrl);\n\n  clearAuthCookies();\n\n  try {\n    revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n  } catch (error) {\n    logger.warn(\"Failed to revalidate path after logout:\", error);\n  }\n\n  return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n *   // optional config overrides\n * })\n * ```\n */\nexport const handler =\n  (authConfig = {}) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const config = resolveAuthConfig(authConfig);\n\n    try {\n      const pathname = request.nextUrl.pathname;\n      const pathSegments = pathname.split(\"/\");\n      const lastSegment = pathSegments[pathSegments.length - 1];\n\n      switch (lastSegment) {\n        case \"challenge\":\n          return await handleChallenge();\n        case \"callback\":\n          return await handleCallback(request, config);\n        case \"logout\":\n          return await handleLogout(request, config);\n        default:\n          throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n      }\n    } catch (error) {\n      logger.error(\"Auth handler error:\", error);\n\n      const status = error instanceof AuthError ? error.status : 500;\n      const message =\n        error instanceof Error ? error.message : \"Authentication failed\";\n\n      const response = NextResponse.json({ error: message }, { status });\n\n      clearAuthCookies();\n      return response;\n    }\n  };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AASO,IAAM,qBAAN,MAAgD;AAAA,EACrD,YAAqB,SAAsB;AAAtB;AAAA,EAAuB;AAAA,EAE5C,MAAmB;AACjB,UAAM,OAAO,KAAK,QAAQ,qBAA4B;AACtD,WAAO,OAAO,KAAK,MAAM,IAAI,IAAI;AAAA,EACnC;AAAA,EAEA,IAAI,MAAyB;AAC3B,UAAM,QAAQ,OAAO,KAAK,UAAU,IAAI,IAAI;AAC5C,SAAK,QAAQ,uBAA8B,KAAK;AAAA,EAClD;AACF;;;ACjBA,SAAS,eAAe;AA4ExB,IAAM,mBAAmB,MAAY;AAEnC,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,cAAY,aAAa;AAGzB,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,cAAY,IAAI,IAAI;AACtB;AAEA,IAAM,sBAAN,cAAkC,cAAc;AAAA,EAC9C,YAAY,SAAyC,CAAC,GAAG;AACvD,UAAM,iCACD,SADC;AAAA,MAEJ,QAAQ;AAAA,MACR,UAAU;AAAA,IACZ,EAAC;AAAA,EACH;AAAA,EAEA,IAAI,KAA4B;AApGlC;AAqGI,aAAO,aAAQ,EAAE,IAAI,GAAG,MAAjB,mBAAoB,UAAS;AAAA,EACtC;AAAA,EAEA,IAAI,KAAa,OAAqB;AACpC,YAAQ,EAAE,IAAI,KAAK,OAAO,KAAK,QAAQ;AAAA,EACzC;AACF;AAEA,IAAM,sBAAN,cAAkC,cAAc;AAAA,EAC9C,YAAY,SAAyC,CAAC,GAAG;AACvD,UAAM,iCACD,SADC;AAAA,MAEJ,QAAQ;AAAA,MACR,UAAU;AAAA,IACZ,EAAC;AAAA,EACH;AAAA,EAEA,IAAI,KAA4B;AAtHlC;AAuHI,aAAO,aAAQ,EAAE,IAAI,GAAG,MAAjB,mBAAoB,UAAS;AAAA,EACtC;AAAA,EAEA,IAAI,KAAa,OAAqB;AACpC,YAAQ,EAAE,IAAI,KAAK,OAAO,KAAK,QAAQ;AAAA,EACzC;AACF;;;ACtHO,IAAMA,WAAU,MAAmB;AACxC,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,SAAO,YAAY,IAAI;AACzB;;;ACUA,SAAsB,oBAAoB;AAC1C,OAAO,eAAe;AAgBtB,IAAM,YAAY,CAAC,UAAkB,gBAAwB;AAC3D,QAAM,UAAU,UAAU,WAAW;AACrC,SAAO,QAAQ,QAAQ;AACzB;AAOA,IAAM,eAAe,CAAC,UAAkB,aACtC,SAAS,KAAK,CAAC,YAAY;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,UAAQ,IAAI,YAAY;AAAA,IACtB;AAAA,IACA;AAAA,IACA,OAAO,UAAU,UAAU,OAAO;AAAA,EACpC,CAAC;AACD,SAAO,UAAU,UAAU,OAAO;AACpC,CAAC;AAGH,IAAM,YAAY,CAChB,YACA,YACsC;AACtC,QAAM,yBAAyB,kBAAkB,UAAU;AAI3D,QAAM,kBAAkB,CAAC,CAAC,QAAQ,QAAQ,IAAI,UAAU;AAGxD,MAAI,QAAQ,QAAQ,aAAa,uBAAuB,UAAU;AAChE,YAAQ,IAAI,oDAA+C;AAC3D,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC3E,YAAQ,IAAI,2DAAsD;AAClE,WAAO;AAAA,EACT;AAEA,MAAI,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC1E,YAAQ,IAAI,uDAAkD;AAC9D,WAAO;AAAA,EACT;AAGA,MAAI,CAAC,iBAAiB;AACpB,YAAQ,IAAI,oDAA+C;AAC3D,UAAM,WAAW,IAAI,IAAI,uBAAuB,UAAU,QAAQ,GAAG;AACrE,WAAO,aAAa,SAAS,QAAQ;AAAA,EACvC;AAEA,UAAQ,IAAI,0BAAqB;AACjC,SAAO;AACT;AAUO,IAAM,iBACX,CAAC,aAAa,sBACd,CAAO,YAAgD;AACrD,QAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,MAAI,SAAU,QAAO;AAIrB,SAAO,aAAa,KAAK;AAC3B;AAWK,SAAS,SACd,YACiD;AACjD,SAAO,CAAO,YAAgD;AAC5D,UAAM,WAAW,MAAM,UAAU,CAAC,GAAG,OAAO;AAC5C,QAAI,SAAU,QAAO;AACrB,WAAO,WAAW,OAAO;AAAA,EAC3B;AACF;AAeO,SAAS,KAAK,aAAyB,CAAC,GAAG;AAChD,SAAO,CACL,eACsD;AACtD,WAAO,CAAO,YAAgD;AAC5D,YAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,UAAI,SAAU,QAAO;AACrB,aAAO,WAAW,OAAO;AAAA,IAC3B;AAAA,EACF;AACF;;;AC9JA,SAAsB,gBAAAC,qBAAoB;AAC1C,SAAS,sBAAsB;AAc/B,IAAM,SAAS,QAAQ,OAAO,SAAS;AAEvC,IAAM,YAAN,cAAwB,MAAM;AAAA,EAC5B,YACE,SACgB,SAAiB,KACjC;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOA,SAAe,kBAAyC;AAAA;AACtD,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,eAAe,IAAI,gCAAgC,aAAa;AAEtE,UAAM,YAAY,MAAM,aAAa,iBAAiB;AAEtD,WAAOC,cAAa,KAAK,EAAE,QAAQ,WAAW,UAAU,CAAC;AAAA,EAC3D;AAAA;AAEA,SAAe,eACb,SACA,QACuB;AAAA;AACvB,UAAM,OAAO,QAAQ,QAAQ,aAAa,IAAI,MAAM;AACpD,UAAM,QAAQ,QAAQ,QAAQ,aAAa,IAAI,OAAO;AACtD,QAAI,CAAC,QAAQ,CAAC,MAAO,OAAM,IAAI,UAAU,kBAAkB,GAAG;AAE9D,UAAM,gBAAgB,IAAI,oBAAoB;AAE9C,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,cAAc,mBAAmB,iBAAiB,QAAQ,GAAG;AAEnE,QAAI;AACF,YAAM,uBAAuB,MAAM,OAAO,eAAe,iCACpD,kBADoD;AAAA,QAEvD,aAAa;AAAA,MACf,EAAC;AAAA,IACH,SAAS,OAAO;AACd,aAAO,MAAM,0BAA0B,KAAK;AAC5C,YAAM,IAAI,UAAU,+BAA+B,GAAG;AAAA,IACxD;AAEA,UAAM,OAAO,MAAM,QAAQ,aAAa;AACxC,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,UAAU,2BAA2B,GAAG;AAAA,IACpD;AAEA,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,cAAc,IAAI,mBAAmB,aAAa;AAExD,gBAAY,IAAI,IAAI;AAKpB,UAAM,WAAW,IAAIA,cAAa,eAAe;AACjD,aAAS,QAAQ,IAAI,gBAAgB,0BAA0B;AAC/D,WAAO;AAAA,EACT;AAAA;AAQA,IAAM,0BAA0B,CAC9B,cACA,oBACG;AAEH,MAAI,0BAA0B,KAAK,YAAY,GAAG;AAChD,WAAO;AAAA,EACT;AACA,SAAO,IAAI,IAAI,cAAc,eAAe,EAAE;AAChD;AAEA,SAAe,aACb,SACA,QACuB;AAAA;AAtGzB;AAuGE,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,uBAAsB,qBAAgB,aAAhB,YAA4B;AACxD,UAAM,iBACJ,IAAI,IAAI,QAAQ,GAAG,EAAE,aAAa,IAAI,UAAU,KAAK;AACvD,UAAM,qBAAqB,0BAA0B,KAAK,cAAc;AACxE,UAAM,mBAAmB;AAAA,MACvB;AAAA,MACA,IAAI,IAAI,QAAQ,GAAG,EAAE;AAAA,IACvB;AAEA,UAAM,WAAWA,cAAa,SAAS,gBAAgB;AAEvD,qBAAiB;AAEjB,QAAI;AACF,qBAAe,qBAAqB,mBAAmB,cAAc;AAAA,IACvE,SAAS,OAAO;AACd,aAAO,KAAK,2CAA2C,KAAK;AAAA,IAC9D;AAEA,WAAO;AAAA,EACT;AAAA;AAcO,IAAM,UACX,CAAC,aAAa,CAAC,MACf,CAAO,YAAgD;AACrD,QAAM,SAAS,kBAAkB,UAAU;AAE3C,MAAI;AACF,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,eAAe,SAAS,MAAM,GAAG;AACvC,UAAM,cAAc,aAAa,aAAa,SAAS,CAAC;AAExD,YAAQ,aAAa;AAAA,MACnB,KAAK;AACH,eAAO,MAAM,gBAAgB;AAAA,MAC/B,KAAK;AACH,eAAO,MAAM,eAAe,SAAS,MAAM;AAAA,MAC7C,KAAK;AACH,eAAO,MAAM,aAAa,SAAS,MAAM;AAAA,MAC3C;AACE,cAAM,IAAI,UAAU,uBAAuB,QAAQ,IAAI,GAAG;AAAA,IAC9D;AAAA,EACF,SAAS,OAAO;AACd,WAAO,MAAM,uBAAuB,KAAK;AAEzC,UAAM,SAAS,iBAAiB,YAAY,MAAM,SAAS;AAC3D,UAAM,UACJ,iBAAiB,QAAQ,MAAM,UAAU;AAE3C,UAAM,WAAWA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,OAAO,CAAC;AAEjE,qBAAiB;AACjB,WAAO;AAAA,EACT;AACF;","names":["getUser","NextResponse","NextResponse"]}

package/dist/react.d.mts

@@ -1,119 +0,0 @@
-import { JWT } from 'oslo/jwt';
-import { D as DisplayMode, U as User, F as ForwardedTokens, A as AuthSessionService, E as Endpoints, b as UserInfoService, S as SessionData, a as UnknownObject, O as OIDCTokenResponseBody, P as ParsedTokens, C as Config } from './index-DoDoIY_K.mjs';
-import * as react_jsx_runtime from 'react/jsx-runtime';
-import { ReactNode } from 'react';
-import { OAuth2Client } from 'oslo/oauth2';
-
-type AuthContextType = {
-    signIn: (displayMode?: DisplayMode) => Promise<void>;
-    isAuthenticated: boolean;
-    isLoading: boolean;
-    error: Error | null;
-    signOut: () => Promise<void>;
-};
-
-type UserContextType$1<T extends Record<string, unknown> & JWT["payload"] = Record<string, unknown> & JWT["payload"]> = {
-    user: User<T> | null;
-} & Omit<AuthContextType, "isAuthenticated">;
-
-type TokenContextType = {
-    accessToken: string | null;
-    idToken: string | null;
-    forwardedTokens: ForwardedTokens;
-    refreshToken: () => Promise<void>;
-    isLoading: boolean;
-    error: Error | null;
-};
-
-declare class AuthSessionServiceImpl implements AuthSessionService {
-    readonly clientId: string;
-    readonly redirectUrl: string;
-    readonly oauthServer: string;
-    readonly inputEndpoints?: Partial<Endpoints> | undefined;
-    private endpoints;
-    private oauth2Client;
-    private userInfoService;
-    private codeVerifier;
-    private refreshTokenTimeout;
-    constructor(clientId: string, redirectUrl: string, oauthServer: string, inputEndpoints?: Partial<Endpoints> | undefined);
-    protected getCodeVerifier(): string;
-    getUserInfoService(): Promise<UserInfoService>;
-    protected getEndpoints(): Promise<Endpoints>;
-    protected getOauth2Client(): Promise<OAuth2Client>;
-    getSessionData(): SessionData;
-    updateSessionData(data: Partial<SessionData>): void;
-    getUser(): User<UnknownObject> | null;
-    setUser(data: User<UnknownObject> | null): void;
-    clearSessionData(): void;
-    getAuthorizationUrlWithChallenge(state: string, scopes: string[]): Promise<URL>;
-    getAuthorizationUrl(scopes: string[], displayMode: DisplayMode, nonce?: string): Promise<string>;
-    loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
-    init(): Promise<this>;
-    logout(): Promise<void>;
-    determineDisplayMode(displayMode: DisplayMode): DisplayMode;
-    signIn(displayMode: DisplayMode, scopes: string[], nonce: string): Promise<void>;
-    tokenExchange(responseUrl: string): Promise<SessionData>;
-    private setupTokenRefresh;
-    refreshToken(): Promise<SessionData>;
-    getUserInfo<T extends UnknownObject>(): Promise<User<T> | null>;
-    /**
-     * Uses the jose library to validate a JWT token using the OAuth JWKS endpoint
-     * @returns {Promise<jose.JWTPayload>}
-     * @throws {Error} if the token is invalid
-     * @param tokens
-     */
-    validateTokens(tokens: OIDCTokenResponseBody): Promise<ParsedTokens>;
-    validateExistingSession(): Promise<SessionData>;
-}
-
-type AuthProviderProps = {
-    children: ReactNode;
-    clientId: string;
-    redirectUrl?: string;
-    nonce?: string;
-    config?: Config;
-    onSignIn?: (error?: Error) => void;
-    onSignOut?: () => void;
-    authServiceImpl?: AuthSessionServiceImpl;
-    serverSideTokenExchange?: boolean;
-};
-
-type CivicAuthProviderProps = Omit<AuthProviderProps, "authServiceImpl" | "serverSideTokenExchange">;
-declare const CivicAuthProvider: ({ children, ...props }: CivicAuthProviderProps) => react_jsx_runtime.JSX.Element;
-
-type UserContextType = {
-    user: User<UnknownObject> | null;
-};
-type NextCivicAuthProviderProps = Omit<AuthProviderProps, "clientId">;
-declare const CivicNextAuthProvider: ({ children, ...props }: NextCivicAuthProviderProps) => react_jsx_runtime.JSX.Element;
-declare const useNextUser: () => UserContextType;
-
-declare const useUser: <T extends Record<string, unknown> = Record<string, never>>() => UserContextType$1<T>;
-
-declare const useUserCookie: () => any;
-
-declare const useToken: () => TokenContextType;
-
-declare const useAuth: () => AuthContextType;
-
-declare const useSession: () => SessionData;
-
-declare const UserButton: ({ displayMode, className, }: {
-    displayMode?: DisplayMode;
-    className?: string;
-}) => react_jsx_runtime.JSX.Element;
-
-declare const SignInButton: ({ displayMode, className, }: {
-    displayMode?: DisplayMode;
-    className?: string;
-}) => react_jsx_runtime.JSX.Element;
-
-declare const SignOutButton: ({ className }: {
-    className?: string;
-}) => react_jsx_runtime.JSX.Element;
-
-declare const NextLogOut: ({ children }: {
-    children: ReactNode;
-}) => react_jsx_runtime.JSX.Element;
-
-export { type AuthContextType, CivicAuthProvider, CivicNextAuthProvider, NextLogOut, SignInButton, SignOutButton, type TokenContextType, UserButton, type UserContextType$1 as UserContextType, useAuth, useNextUser, useSession, useToken, useUser, useUserCookie };

package/dist/react.d.ts

@@ -1,119 +0,0 @@
-import { JWT } from 'oslo/jwt';
-import { D as DisplayMode, U as User, F as ForwardedTokens, A as AuthSessionService, E as Endpoints, b as UserInfoService, S as SessionData, a as UnknownObject, O as OIDCTokenResponseBody, P as ParsedTokens, C as Config } from './index-DoDoIY_K.js';
-import * as react_jsx_runtime from 'react/jsx-runtime';
-import { ReactNode } from 'react';
-import { OAuth2Client } from 'oslo/oauth2';
-
-type AuthContextType = {
-    signIn: (displayMode?: DisplayMode) => Promise<void>;
-    isAuthenticated: boolean;
-    isLoading: boolean;
-    error: Error | null;
-    signOut: () => Promise<void>;
-};
-
-type UserContextType$1<T extends Record<string, unknown> & JWT["payload"] = Record<string, unknown> & JWT["payload"]> = {
-    user: User<T> | null;
-} & Omit<AuthContextType, "isAuthenticated">;
-
-type TokenContextType = {
-    accessToken: string | null;
-    idToken: string | null;
-    forwardedTokens: ForwardedTokens;
-    refreshToken: () => Promise<void>;
-    isLoading: boolean;
-    error: Error | null;
-};
-
-declare class AuthSessionServiceImpl implements AuthSessionService {
-    readonly clientId: string;
-    readonly redirectUrl: string;
-    readonly oauthServer: string;
-    readonly inputEndpoints?: Partial<Endpoints> | undefined;
-    private endpoints;
-    private oauth2Client;
-    private userInfoService;
-    private codeVerifier;
-    private refreshTokenTimeout;
-    constructor(clientId: string, redirectUrl: string, oauthServer: string, inputEndpoints?: Partial<Endpoints> | undefined);
-    protected getCodeVerifier(): string;
-    getUserInfoService(): Promise<UserInfoService>;
-    protected getEndpoints(): Promise<Endpoints>;
-    protected getOauth2Client(): Promise<OAuth2Client>;
-    getSessionData(): SessionData;
-    updateSessionData(data: Partial<SessionData>): void;
-    getUser(): User<UnknownObject> | null;
-    setUser(data: User<UnknownObject> | null): void;
-    clearSessionData(): void;
-    getAuthorizationUrlWithChallenge(state: string, scopes: string[]): Promise<URL>;
-    getAuthorizationUrl(scopes: string[], displayMode: DisplayMode, nonce?: string): Promise<string>;
-    loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
-    init(): Promise<this>;
-    logout(): Promise<void>;
-    determineDisplayMode(displayMode: DisplayMode): DisplayMode;
-    signIn(displayMode: DisplayMode, scopes: string[], nonce: string): Promise<void>;
-    tokenExchange(responseUrl: string): Promise<SessionData>;
-    private setupTokenRefresh;
-    refreshToken(): Promise<SessionData>;
-    getUserInfo<T extends UnknownObject>(): Promise<User<T> | null>;
-    /**
-     * Uses the jose library to validate a JWT token using the OAuth JWKS endpoint
-     * @returns {Promise<jose.JWTPayload>}
-     * @throws {Error} if the token is invalid
-     * @param tokens
-     */
-    validateTokens(tokens: OIDCTokenResponseBody): Promise<ParsedTokens>;
-    validateExistingSession(): Promise<SessionData>;
-}
-
-type AuthProviderProps = {
-    children: ReactNode;
-    clientId: string;
-    redirectUrl?: string;
-    nonce?: string;
-    config?: Config;
-    onSignIn?: (error?: Error) => void;
-    onSignOut?: () => void;
-    authServiceImpl?: AuthSessionServiceImpl;
-    serverSideTokenExchange?: boolean;
-};
-
-type CivicAuthProviderProps = Omit<AuthProviderProps, "authServiceImpl" | "serverSideTokenExchange">;
-declare const CivicAuthProvider: ({ children, ...props }: CivicAuthProviderProps) => react_jsx_runtime.JSX.Element;
-
-type UserContextType = {
-    user: User<UnknownObject> | null;
-};
-type NextCivicAuthProviderProps = Omit<AuthProviderProps, "clientId">;
-declare const CivicNextAuthProvider: ({ children, ...props }: NextCivicAuthProviderProps) => react_jsx_runtime.JSX.Element;
-declare const useNextUser: () => UserContextType;
-
-declare const useUser: <T extends Record<string, unknown> = Record<string, never>>() => UserContextType$1<T>;
-
-declare const useUserCookie: () => any;
-
-declare const useToken: () => TokenContextType;
-
-declare const useAuth: () => AuthContextType;
-
-declare const useSession: () => SessionData;
-
-declare const UserButton: ({ displayMode, className, }: {
-    displayMode?: DisplayMode;
-    className?: string;
-}) => react_jsx_runtime.JSX.Element;
-
-declare const SignInButton: ({ displayMode, className, }: {
-    displayMode?: DisplayMode;
-    className?: string;
-}) => react_jsx_runtime.JSX.Element;
-
-declare const SignOutButton: ({ className }: {
-    className?: string;
-}) => react_jsx_runtime.JSX.Element;
-
-declare const NextLogOut: ({ children }: {
-    children: ReactNode;
-}) => react_jsx_runtime.JSX.Element;
-
-export { type AuthContextType, CivicAuthProvider, CivicNextAuthProvider, NextLogOut, SignInButton, SignOutButton, type TokenContextType, UserButton, type UserContextType$1 as UserContextType, useAuth, useNextUser, useSession, useToken, useUser, useUserCookie };