@civic/auth 0.1.3 → 0.1.4-beta.1

package/test/integration/sdk.test.tsx

@@ -1,266 +0,0 @@
-import React from "react";
-import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
-import { OAuth2Client } from "oslo/oauth2";
-import { useAuth, useUser } from "@/reactjs/hooks/index.js";
-import { CivicAuthProvider } from "@/reactjs/providers/index.js";
-import {
-  render,
-  screen,
-  act,
-  fireEvent,
-  waitFor,
-} from "@testing-library/react";
-import { describe, it, expect, beforeEach, vi, afterEach } from "vitest";
-import "@testing-library/jest-dom";
-import * as jose from "jose";
-import tokensFixture from "../support/tokens.json";
-import * as oauthLib from "@/lib/oauth.js";
-import type { JWTVerifyResult, ResolvedKey } from "jose";
-
-const validTokens = { ...tokensFixture.local.validTokens };
-// Mock Component to test OAuth flow with useAuth
-const MockOAuthComponent = () => {
-  const { signIn, isAuthenticated } = useAuth();
-  const { user } = useUser();
-
-  const handleLogin = async () => {
-    try {
-      await signIn("redirect");
-      alert("Login Redirect Initiated");
-    } catch {
-      alert("Login Failed");
-    }
-  };
-
-  return (
-    <div>
-      <button onClick={handleLogin}>Login</button>
-      {user && (
-        <p data-testid="user-email">
-          User:
-          {user.email}
-        </p>
-      )}
-      {isAuthenticated && (
-        <p data-testid="session">Session authenticated:true</p>
-      )}
-    </div>
-  );
-};
-
-describe("OAuth login", () => {
-  const clientId = "test-client-id";
-  let mockOAuth2Client: OAuth2Client;
-  let originalWindowLocation: Location;
-  afterEach(vi.clearAllMocks);
-
-  vi.spyOn(oauthLib, "getOauthEndpoints").mockResolvedValue({
-    auth: "http://localhost:3001/oauth/auth",
-    token: "http://localhost:3001/oauth/token",
-    jwks: "http://localhost:3001/oauth/jwks",
-    userinfo: "http://localhost:3001/oauth/userinfo",
-  });
-  vi.mock("oslo/oauth2", () => ({
-    OAuth2Client: vi.fn(),
-    generateCodeVerifier: vi.fn(() => "mock-code-verifier"),
-    generateState: vi.fn(() => "mock-state"),
-  }));
-
-  vi.mock("jose", () => ({
-    jwtVerify: vi.fn(),
-    createRemoteJWKSet: vi.fn(),
-  }));
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-    vi.resetModules();
-
-    // Setup mock implementations
-    mockOAuth2Client = {
-      createAuthorizationURL: vi.fn(),
-      validateAuthorizationCode: vi.fn(),
-      refreshAccessToken: vi.fn(),
-      clientId: "test-client-id",
-    } as unknown as OAuth2Client;
-    vi.mocked(OAuth2Client).mockImplementation(() => mockOAuth2Client);
-
-    // Setup jose mocks
-    const mockJWKS = {
-      getKey: vi.fn().mockResolvedValue({ alg: "RS256" }),
-    };
-    vi.mocked(jose.createRemoteJWKSet).mockReturnValue(mockJWKS as any);
-    vi.mocked(jose.jwtVerify).mockResolvedValue({
-      payload: { sub: "user123", name: "Test User", email: "test@example.com" },
-      protectedHeader: { alg: "RS256" },
-    } as unknown as JWTVerifyResult<unknown> & ResolvedKey);
-
-    originalWindowLocation = window.location;
-    window.location = { href: "" } as Location;
-    global.alert = vi.fn();
-    // Mock window.open to prevent errors.
-    vi.spyOn(window, "open").mockReturnValue(null);
-  });
-
-  afterEach(() => {
-    window.location = originalWindowLocation;
-  });
-
-  it("should set the correct auth url for login with redirect", async () => {
-    const windowAssign = vi.fn();
-    const redirectUri = "http://localhost:3001/callback";
-
-    vi.mocked(mockOAuth2Client.createAuthorizationURL).mockResolvedValue(
-      new URL(
-        "http://localhost:3001/oauth/auth?response_type=code&client_id=" +
-          clientId +
-          "&redirect_uri=" +
-          encodeURIComponent(redirectUri) +
-          "&scope=openid%20profile%20email&state=mock-state&code_challenge=mock-code-challenge&code_challenge_method=S256",
-      ),
-    );
-
-    window.location = {
-      ...originalWindowLocation,
-      assign: windowAssign,
-      replace: vi.fn(),
-      reload: vi.fn(),
-    };
-
-    const queryClient = new QueryClient();
-    render(
-      <QueryClientProvider client={queryClient}>
-        <CivicAuthProvider
-          clientId={clientId}
-          redirectUrl={redirectUri}
-          config={{
-            oauthServer: "http://localhost:3001",
-          }}
-        >
-          <MockOAuthComponent />
-        </CivicAuthProvider>
-      </QueryClientProvider>,
-    );
-
-    // Trigger the login button click, which initiates the OAuth flow
-    await act(async () => {
-      fireEvent.click(screen.getByText("Login"));
-    });
-
-    // Confirm that the sdk set the window.location.href to the auth url
-    const url = new URL(window.location.href);
-    expect(url.origin + url.pathname).toEqual(
-      "http://localhost:3001/oauth/auth",
-    );
-    expect(url.searchParams.get("response_type")).toEqual("code");
-    expect(url.searchParams.get("client_id")).toEqual(clientId);
-    expect(url.searchParams.get("redirect_uri")).toEqual(redirectUri);
-    expect(url.searchParams.get("scope")).toEqual("openid profile email");
-    expect(url.searchParams.get("state")).toBeTruthy(); // Ensure state is present
-    expect(url.searchParams.get("code_challenge")).toBeTruthy(); // Ensure code_challenge is present
-    expect(url.searchParams.get("code_challenge_method")).toEqual("S256");
-    expect(screen.queryByTestId("session")).not.toBeInTheDocument();
-  });
-
-  it("should initiate code exchange, validate tokens, and derive user from ID token", async () => {
-    const queryClient = new QueryClient();
-    const redirectUri = "http://localhost:3001/callback";
-
-    // Mock ID token with user information
-    const mockIdToken = validTokens.idToken;
-    const mockAccessToken = validTokens.accessToken;
-
-    // Mock oslo token exchange
-    const mockTokens = {
-      access_token: mockAccessToken,
-      id_token: mockIdToken,
-      refresh_token: "mock-refresh-token",
-      expires_in: 3600,
-    };
-    vi.mocked(mockOAuth2Client.validateAuthorizationCode).mockResolvedValue(
-      mockTokens,
-    );
-
-    // Prime storage and simulate redirect
-    await act(async () => {
-      localStorage.setItem(
-        "civic-auth:test-client-id",
-        JSON.stringify({
-          authenticated: false,
-          state: "mock-state",
-          codeVerifier: "mock-code-verifier",
-          displayMode: "redirect",
-        }),
-      );
-      window.location.pathname = "test-pathName";
-
-      // Configure window.location to simulate redirect
-      Object.defineProperty(window, "location", {
-        value: {
-          ...window.location,
-          origin: "http://mock-origin",
-        },
-        writable: true,
-      });
-      window.location.href = `${redirectUri}?code=test-code&state=mock-state`;
-
-      // Render the AuthProvider with the mock OAuth component
-      render(
-        <QueryClientProvider client={queryClient}>
-          <CivicAuthProvider
-            clientId={clientId}
-            redirectUrl={redirectUri}
-            config={{
-              oauthServer: "http://localhost:3001",
-            }}
-          >
-            <MockOAuthComponent />
-          </CivicAuthProvider>
-        </QueryClientProvider>,
-      );
-    });
-
-    expect(mockOAuth2Client.validateAuthorizationCode).toHaveBeenCalledWith(
-      "test-code",
-      {
-        codeVerifier: "mock-code-verifier",
-      },
-    );
-
-    // Check that jose.jwtVerify was called for id_token validation
-    await waitFor(() => {
-      expect(jose.jwtVerify).toHaveBeenCalledWith(
-        mockIdToken,
-        expect.any(Object),
-        {
-          issuer: ["http://localhost:3001", "http://localhost:3001/"],
-          audience: clientId,
-        },
-      );
-    });
-
-    // Check that jose.jwtVerify was called for access_token validation
-    await waitFor(() => {
-      expect(jose.jwtVerify).toHaveBeenCalledWith(
-        mockAccessToken,
-        expect.any(Object),
-        {
-          issuer: ["http://localhost:3001", "http://localhost:3001/"],
-        },
-      );
-    });
-
-    // Check that the authenticated flag is set in the session
-    await waitFor(() => {
-      expect(screen.queryByTestId("session")).toHaveTextContent(
-        "Session authenticated:true",
-      );
-    });
-
-    // Check that the user info derived from the ID token is displayed
-    await waitFor(() => {
-      expect(screen.queryByTestId("user-email")).toHaveTextContent(
-        "User:ghost@civic.com",
-      );
-    });
-  });
-});

package/test/support/fixtures.ts

@@ -1,56 +0,0 @@
-const oauthWellKnownResponse = {
-  authorization_endpoint: "https://auth-dev.civic.com/oauth/auth",
-  claims_parameter_supported: false,
-  claims_supported: [
-    "sub",
-    "forwardedTokens",
-    "email",
-    "name",
-    "family_name",
-    "picture",
-    "login_method",
-    "sid",
-    "auth_time",
-    "iss",
-  ],
-  code_challenge_methods_supported: ["S256"],
-  end_session_endpoint: "https://auth-dev.civic.com/oauth/session/end",
-  grant_types_supported: ["implicit", "authorization_code", "refresh_token"],
-  issuer: "https://auth-dev.civic.com/oauth/",
-  jwks_uri: "https://auth-dev.civic.com/oauth/jwks",
-  authorization_response_iss_parameter_supported: true,
-  response_modes_supported: ["form_post", "fragment", "query"],
-  response_types_supported: ["code id_token", "code", "id_token", "none"],
-  scopes_supported: [
-    "openid",
-    "offline_access",
-    "forwardedTokens",
-    "email",
-    "profile",
-  ],
-  subject_types_supported: ["public"],
-  token_endpoint_auth_methods_supported: [
-    "client_secret_basic",
-    "client_secret_jwt",
-    "client_secret_post",
-    "private_key_jwt",
-    "none",
-  ],
-  token_endpoint_auth_signing_alg_values_supported: [
-    "HS256",
-    "RS256",
-    "PS256",
-    "ES256",
-    "EdDSA",
-  ],
-  token_endpoint: "https://auth-dev.civic.com/oauth/token",
-  id_token_signing_alg_values_supported: ["PS256", "RS256"],
-  pushed_authorization_request_endpoint:
-    "https://auth-dev.civic.com/oauth/request",
-  request_parameter_supported: false,
-  request_uri_parameter_supported: false,
-  userinfo_endpoint: "https://auth-dev.civic.com/oauth/me",
-  claim_types_supported: ["normal"],
-};
-
-export { oauthWellKnownResponse };

package/test/support/tokens.json

@@ -1,26 +0,0 @@
-{
-    "local": {
-        "validTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImNpdmljLWF1dGgtdG9rZW4tc2lnbmVyLWtleSJ9.eyJzdWIiOiIzMzZmNDQ1Zi1hZjcxLTQxYzYtODNlZC00NjJhY2ZiNTU1YjYiLCJlbWFpbCI6Imdob3N0QGNpdmljLmNvbSIsImZvcndhcmRlZFRva2VucyI6eyJkdW1teSI6eyJhY2Nlc3NfdG9rZW4iOiIiLCJleHBpcmVzX2luIjozNjAwLCJpZF90b2tlbiI6ImV5SmhiR2NpT2lKU1V6STFOaUlzSW5SNWNDSTZJa3BYVkNJc0ltdHBaQ0k2SW10bGVYTjBiM0psTFVOSVFVNUhSUzFOUlNKOS5leUp6ZFdJaU9pSjBaWE4wSWl3aVlYUmZhR0Z6YUNJNklrcEdVbkZRZUhsZmJGYzFVaTFIV0dabE9Ia3lja0VpTENKaGRXUWlPaUp0ZVMxamJHbGxiblFpTENKbGVIQWlPakUzTWprd05qZ3hOVFVzSW1saGRDSTZNVGN5T1RBMk5EVTFOU3dpYVhOeklqb2lhSFIwY0RvdkwyeHZZMkZzYUc5emREbzVNRGt3SW4wLm11TGg2T2s0YVIyb0V3RC1yUFZXck5RY24xMFZqSjVmN0hUUHVNSk50NFBFVUEyVkttZnRKdHdEOXB5WVVNUngybkhHaWRIMVIyemhwbUpWclVUaDl4SDVpNkQxckx5VHA2UXFTbm9RQ1lYTFA3bzdJRWdLcTkta1R0TUhWS2t1LU1qX2FvNk05TUFaN3llYnpCR3dJcHVYcFRZY3JwMC1EQVZLSW94LVV1b0lfSkljbURWSExtbjJfUEhMZ0Z1Y3ctMTlVZFgyYUlTM19kSDRqQ01CLXp4Y0xGTmV6SlVfV1BRVTNYUEhyQk83M3lMWTU2NmEyb1RVczV3Tkh4bWJKOXdBWXJSRHJSQVBrcml2R2s1WEhNSG5RX21OUlUxNGhSc2N3Y25vOC1NZnNlZlRHc1JsbDdSRXpiaUFWUzZjY2hHV0ItVXJJWk92R0p6UjFlZGRjQSIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwiLCJ0b2tlbl90eXBlIjoiQmVhcmVyIn19LCJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdF9oYXNoIjoiVFZjelNRMERIeElHY2t1VzducDYydyIsImF1ZCI6ImRlbW8tY2xpZW50LTEiLCJleHAiOjE3MjkwNjgxNTYsImlhdCI6MTcyOTA2NDU1NiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDozMDAxIn0.NNvOtkls3wjivcCWYanqWr8_cHzf7by2_6mSF_qeNqJ8zt7ZPmKh2R6WbnrlYVsym0sMYueR9m_bDGsNZNrwXGPABz4ff7TV5LH8LO1W_fdPemMBlIDdRwc0DZx7BUIKqwvciQ1lHx-2xv-6gH7TZVX7Dwvv-zArLpLkmzrec4EV0Wyn-WYAZFqMMpPvEUCCxkp_AWMh9P8ax3ExSHPAMu5_skJo1nJTK5lri3DNU31IuXvLz2JFYusDViFDwu5wx_TSC1S-hsRQd_aK_wGGifqfuwuGRX43ZEDqRcB5lgBAfc8v1kxYu5HhF07C63zMLZjJg66pGBHwNWp5r-Q4K-2xBXDU6TP-4YYikvwqIOjlRiz_RP_kEBrioqNRvwk8SU2laJ7g7st_4q86RiXPS4uN31o5eDSCiM5dd0OdC2IUZorC5pMym-IzuHEJhWr68psczj3dUKxbLbuoH-827CQt-8Vv8znfS7ck8I0YDXjVSKhBYXoCnzXpwJ-c9OcPIbquTQrqeogGqTlA6Nt-23rC7Ave8xOcRQZrJ1Ec5c5eD_4MoSYw3q90b6AT6U3tY3ewYQMdg4Ro9x-hFu7uCuurDZgnyugpM7dBATaFfR3ar9nRtdMyPrU2LhEeZS2iwSvP7wuWJpIkjxFy3znFrsFBTa_WbD0BJSOfl1j5G94",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6ImNpdmljLWF1dGgtdG9rZW4tc2lnbmVyLWtleSJ9.eyJqdGkiOiJjS2xCVW1jZW0tVjE3RzM4N1AyTUIiLCJzdWIiOiIzMzZmNDQ1Zi1hZjcxLTQxYzYtODNlZC00NjJhY2ZiNTU1YjYiLCJpYXQiOjE3MjkwNjQ1NTYsImV4cCI6MTcyOTA2ODE1NiwiY2xpZW50X2lkIjoiZGVtby1jbGllbnQtMSIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMSIsImF1ZCI6ImNpdmljIn0.gsX--7GtdF1JYQi5Spt6GfcvZ_8EZxkpO8GljfoXJw-cRYhP98-w9IADZBn87ekH914pnUTxp1x_oLhTWGBrR_yMsHRYim_gkVv8t-dnOEAR4IzDByG7kd58TM_blbY-yma0Cb-O3XRGgrdkvw2PjMeHfTSl3tlYx0c47PS8WegOkYkQcfyPUUNEsUFA8e5qzmkMCdwFWHaox-fQaaNpFrO0wCRWOvYr3vFnrLU87Ds7AOaurZUYaFgxqcMsg3zhZXB2pslqS2p9pmQO3Yi0m8-ntX5P18TWX6oOdBbOLqJX3R5s2GAAm9tYJOeBz-JpTucmn4OaL3OyJvIZqM-7EAVtHdnVYUjzGarNu4_b-rcj66mkSNBbquqjAmRBQ5nnRMkmWZxkf6BKgOwmuONLaU4soZEc_AUNtcKIRzbYmBvrgBlPZr5lvkSKIynKlDCbhsB7O_yBRijVesQrau5ReUcXdbJMRj1U5goBnWXV8y8xZFVKwJvx5WdQVUz2tjmtTO8xMK0ORcWdJShIzlhvQrUsjuiFKWytlbRckIdrllsNLfTFbIvQLa9Pmi-FgrJtm-wD3RoHlNgtjGiHjN-YfWCauTcSn9Xd8TbjIc8D43LuRR2Oh3c78GrEVerbnmTjXh6UFZ6ZXkrkarVst8KQMtPiUo9_DdtJP6ghXLXdo6A"
-        },
-        "expiredTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJlbWFpbCI6ImVkMjEyNTczLTgxMGEtNDliZS1iNzdiLTg2OWMyOWM2ZWRkZEBleGFtcGxlLmV4YW1wbGUiLCJmb3J3YXJkZWRUb2tlbnMiOnsiZHVtbXkiOnsiYWNjZXNzX3Rva2VuIjoidGVzdC1mb3J3YXJkZWQtYWNjZXNzLXRva2VuIiwiaWRfdG9rZW4iOiJ0ZXN0LWZvcndhcmRlZC1pZC10b2tlbiJ9fSwibm9uY2UiOiIxMjM0NTY3ODkwIiwiYXRfaGFzaCI6Ikh3T3JXdldWRV9UR3h3c2ZCN0NyRlEiLCJhdWQiOiJkZW1vLWNsaWVudC0xIiwiZXhwIjoxNjk3OTU5OTI1LCJpYXQiOjE2NjY0MjM5MjUsImlzcyI6Imh0dHBzOi8vYXV0aC1kZXYuY2l2aWMuY29tL29hdXRoLyJ9.MO0IdxEyNiOq4E5QdtpfSbnXQKiN8euC2ac0E0VWggUP4o5yoz29gqAzETP_omvOBfOn4hJjXTDPGqKXKg-Lz-oLdzF71aztskCerwDuB5PdqyCGMS9Qa2j40FTJ7RkuBG9PISUpGWYfZ28q7u94h8GyWtqRtPAF2aPD1rvckk-WTXLeMqEWtfEy0yCJ4MvEwp6MUgeb7EwRKUZ_cuVCE5Xm8rNebO9b2I3Jqdg8cNNyAxEYkWERBcfFtOfaQYD_8DNJvpNpJvZXAowaab7dzNgGBAxhTQ7s4S9h-Ly2nQIAIpbff_A4baI6rOqWfFxdzrxcFt34x0S_90Z3MXNziAb-ocG0WkPewRm0hvrF4E-zFTM4guTvtol0cKw9qWLb_JE-Idm9Zq-abkOS6FvM2E0j1iqKjT1GqM_EhOdIMzOidqxlls5v2UaaJ34PvR_1yTopm6Lguhr6uX3CW_F4A5tGAxsReeUDdGQAhkPYqZp8zjPUxjCA3cJEnMSGWHgqiBJ5lCLeH-SaccT828pSqYL8FrN0Qts3ILaElVVECHiWhN90lGaBSPw8pn19odH70wH651C2eonWKAKQMpNheGmyjrGE8n0jPwz-p-8ISp5H793wlWiTH2ay33METj0Vbgg-G1p1xcWD5WR4X-uyH1f-iNupvVNYn8mf0iPxM-I",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0Wk9RdjQ0Unh2MzJ4dTJReElzTnEiLCJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJleHAiOjE2OTc5NTk5MjUsImlhdCI6MTY2NjQyMzkyNSwiY2xpZW50X2lkIjoiZGVtby1jbGllbnQtMSIsImlzcyI6Imh0dHBzOi8vYXV0aC1kZXYuY2l2aWMuY29tL29hdXRoLyIsImF1ZCI6ImNpdmljIn0.HxnjNL8P7K0WHoCQXpvbxtu_yTrcdudj4GI4fjQZEoVXJ14IkssKUa3aJGWZ2vJkxqIogoLmywYFBjvLZqcc1vo3Q-aLlVEb7EkjsQU4Qo8BMsJ0ZS2_4cDewt9WBUrMA-fDy3UwgoxHlM5OCjQ5lKAPLLm2FJDJ-djFOf_z0le9FOZ4MqkU7u_lc57e0jdCwSZmIRIU5DPX90jh-p2r8OxBwRorjAwuiiu59wTtYyEpfdicSwb7mM7hM6nFp-zl14ogWGCiW20_Lx0sz-1EfzUgw-rH2xW5R_QDUQtHJ15Pq0mtck77i608y2IElnQgwYlmSmn7gpSUoNB7Bh7cBckRfV1YHh8CoReQOKjtfCbhZYVdFDuuUaIEYmI_E9W-C4BKWJkdtX3kCy576jCx15-N7VBzVYIpkOVHHeZdRkMLVJCts2W84it0lCXgMg7KfOcuv8Lzqj_IrSBmP6jgKiOhWJ0eWQLrKGBKOS5IxhK6kyQjZSKy8Yj-N_iBt1PP4e-EWBL2jlQ81ycm4_qgUmiADryUVRchUUAyT-y5TD_LTb2gu-7h_ElKFJ_9scWjxn-SguJi2ObYaFqTes9cNtMFLP3mi9wHhlCngb5_Bw1goV0XHR1H-PSX-XOQ0MzTK7KA8uT1PHbRCsHEFkjMaZgWEwfxTqXVt2LzT6PH_Qs"
-        }
-    },
-    "dev": {
-        "validTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJlbWFpbCI6ImVkMjEyNTczLTgxMGEtNDliZS1iNzdiLTg2OWMyOWM2ZWRkZEBleGFtcGxlLmV4YW1wbGUiLCJmb3J3YXJkZWRUb2tlbnMiOnsiZHVtbXkiOnsiYWNjZXNzX3Rva2VuIjoidGVzdC1mb3J3YXJkZWQtYWNjZXNzLXRva2VuIiwiaWRfdG9rZW4iOiJ0ZXN0LWZvcndhcmRlZC1pZC10b2tlbiJ9fSwibm9uY2UiOiIxMjM0NTY3ODkwIiwiYXRfaGFzaCI6Ikh3T3JXdldWRV9UR3h3c2ZCN0NyRlEiLCJhdWQiOiJkZW1vLWNsaWVudC0xIiwiZXhwIjozMjUyODU5NDc1NCwiaWF0IjoxNzI5MDY2NTY4LCJpc3MiOiJodHRwczovL2F1dGgtZGV2LmNpdmljLmNvbS9vYXV0aC8ifQ.vRQtCQqzV_m62rClHrOtiV7C2zBDOp6h51IgPvlX4-z9x5BDmgckZpNfxPo-Skl7Un5HwTmnqfEyrdsIUScI86Nf_jVt6oEwM1YE2PwygHPW6oE4-Nlipcpll7zNaQQTBVpfuz1bEC7xRqM3quH-RT_hEB4em8YrN0uIBtPrBJ3JpzSnjrLkdziLiSQbejYMLM69WCRCc0pT1V8oBRWxq3fd6s71ajZ8X-KIf5p5Nc24FzidK6X3Yb7pD9sq8BlqbGIDpdXJXNCPJz8kpN9AiggAJUpYeNV2zi0rm5O5-C8UHwOVkAd7SCc_rBxoUxJ9K8B_RX3mo0wKzjY_BVLrvba4R9Nbl5JYkaWPnvKaZDEebjdb3eHdljeomEtP1uYNOqTGqY0Pj8312WNjC6-HtDQFevzmZKYqLtExGuGMuj81V9QUO_SAWzPKZ_wgscJzdR_lFgCqL2uOE0CL6LcnXefyqiMMtsIh2BuBKBJHzCmBf26ezaOuR_hRH4wbJ2rawiqSInhwedeHC1MoVsEWcjealUJspWCfbTqGF-ewTmRAvXffkNjOiQNtclt63ap9gbE89tsNlG_TFICbHFAbn4rNTq6e1gpgke1Ouf9ex1UXrZb9HdfeN5o9-7IsPlEWblkxDKxqcj6YAukETfW7wYzt4tV_sxqO_uxiHhczRU8",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0Wk9RdjQ0Unh2MzJ4dTJReElzTnEiLCJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJpYXQiOjE3MjkwNjY1NjgsImV4cCI6MzI1Mjg1OTQ3NTQsImNsaWVudF9pZCI6ImRlbW8tY2xpZW50LTEiLCJpc3MiOiJodHRwczovL2F1dGgtZGV2LmNpdmljLmNvbS9vYXV0aC8iLCJhdWQiOiJjaXZpYyJ9.CzQ_WXqFobV_fafE3K2dIUttvcFDxOGMT_GnUmdyg5HLB1MRCQYZItwZof_h-LdQp8suo4XyneclOJnQhCzlmDjOcEZOns_joh91t-zDX1jXIQNqC_evpzvfr5Rubz26gsKljk642ru0gkaH8cLHPJx3jgvtBrQzbLbzKJZRIhWqthrqdcKHKeUxN6g-LAFqQG7d-tP6cL_X1Q29IBpJ49SkpYFEDslLwQ_LU5zal_k-2tEyU6DfoFWB9hbNfBQy16SJzgDBDnZ3DadDSRjpXBwRa7m9ALa3A_qVln3K4wuTR46LFDqMKNAqf_sfy5tIJ6Zja5ehwxqmMwXtHomZY9OtfHDE511AZ6wGSagEpexe3eV-2TVwTvJBZnqfeLnnzlF9Z6qqq65lJ5XhO34Ylxnt-kqLqPOPwp-rYCJna-tUsEKAokkqKnHf2FycMQAaBx0grk5yyD2Y4CttlCfbdehoFSyWtTFvkjkk7MebLXqvMbqxXSmKaBn7Of0W6E9Qs6nJ5gWMaVuD9gc2H-BvQAQBUSYpl0TB_yPJKbiRb03HvvgZUdgB9XI9e5YFSMA0K_0SPtx4AgSLH2Coz-NxwLUtP22PUTNmm-04r8Sj0SVWw9w9mW4YXU3U4BGI_0fmIW3BMGgDk_9ghsumaNYKSe1P4qFLqh2jqEov0MagLck"
-        },
-        "differentSignerTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJlbWFpbCI6ImVkMjEyNTczLTgxMGEtNDliZS1iNzdiLTg2OWMyOWM2ZWRkZEBleGFtcGxlLmV4YW1wbGUiLCJmb3J3YXJkZWRUb2tlbnMiOnsiZHVtbXkiOnsiYWNjZXNzX3Rva2VuIjoidGVzdC1mb3J3YXJkZWQtYWNjZXNzLXRva2VuIiwiaWRfdG9rZW4iOiJ0ZXN0LWZvcndhcmRlZC1pZC10b2tlbiJ9fSwibm9uY2UiOiIxMjM0NTY3ODkwIiwiYXRfaGFzaCI6Ikh3T3JXdldWRV9UR3h3c2ZCN0NyRlEiLCJhdWQiOiJkZW1vLWNsaWVudC0xIiwiZXhwIjozMjUyODU5NDc1NCwiaWF0IjoxNzI5MDY2NTY4LCJpc3MiOiJodHRwczovL2F1dGgtZGV2LmNpdmljLmNvbS9vYXV0aC8ifQ.hEPfoJRHEttdCUttpFI1e5fVrPIboOsAqwNsnXR0ANpl9qJjbYgkwPhpTaoujCI2LoNmTNqTxdFuq19g03-EMIJCvfv2hi4NOSXCzk94EFumDLaKQNvSnyXBb3LolD45-OqRBUycvQcWgynRSCS_GaGncJ_qPfFarThwYuzRKF7XvBlQf7FbdnVAWwpuP9AU6dJDLZNJChm3wRrubsbMLzhtWbFhTAlrp7ACLoCkx6c3_IZs35Wcn-5DfdBRGYicrJvaqQ4xBTTLR0lE23VsLMPDAqgdcCOIduCobq6FuY8hAGkJwOZ-cW81KYrCGQn_47GDfaP_BsAUM4YblcCuAQ",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0Wk9RdjQ0Unh2MzJ4dTJReElzTnEiLCJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJpYXQiOjE3MjkwNjY1NjgsImV4cCI6MzI1Mjg1OTQ3NTQsImNsaWVudF9pZCI6ImRlbW8tY2xpZW50LTEiLCJpc3MiOiJodHRwczovL2F1dGgtZGV2LmNpdmljLmNvbS9vYXV0aC8iLCJhdWQiOiJjaXZpYyJ9.VXHpr2yV7fk7ggPurT5zSlfcTrC6VfMGqt5KUi9bw3raetbwC7zdPNtNdcwLEGL1O-JvQB2JH6aDc24bLv6h2yyxNZufoq9LHQKZpJYEe6nEaeTIZkWG0TeKa1Kpj4Gq2C7ooNMPKdjb8hYu_4PN8uaB7z1jM55CLPr-SvSiOqpyZDDc92zShlYTGcUVKFUIM4mQ-vZv8064ck4L1ca0H3LvMegdiUg0WUcDttzcfRpqv9jw1g-CNGx4I-0Bqlb_EqGuY345-0_iH3AsMvFuhQn1SltYYrLLWm9drMpQh3YGtFGqu21Oz-geRrpfAmxRBF7fcgDC-0kwroP2ARymDw"
-        },
-        "expiredTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJlbWFpbCI6ImVkMjEyNTczLTgxMGEtNDliZS1iNzdiLTg2OWMyOWM2ZWRkZEBleGFtcGxlLmV4YW1wbGUiLCJmb3J3YXJkZWRUb2tlbnMiOnsiZHVtbXkiOnsiYWNjZXNzX3Rva2VuIjoidGVzdC1mb3J3YXJkZWQtYWNjZXNzLXRva2VuIiwiaWRfdG9rZW4iOiJ0ZXN0LWZvcndhcmRlZC1pZC10b2tlbiJ9fSwibm9uY2UiOiIxMjM0NTY3ODkwIiwiYXRfaGFzaCI6Ikh3T3JXdldWRV9UR3h3c2ZCN0NyRlEiLCJhdWQiOiJkZW1vLWNsaWVudC0xIiwiZXhwIjoxNjk3OTU5OTI1LCJpYXQiOjE2NjY0MjM5MjUsImlzcyI6Imh0dHBzOi8vYXV0aC1kZXYuY2l2aWMuY29tL29hdXRoLyJ9.MO0IdxEyNiOq4E5QdtpfSbnXQKiN8euC2ac0E0VWggUP4o5yoz29gqAzETP_omvOBfOn4hJjXTDPGqKXKg-Lz-oLdzF71aztskCerwDuB5PdqyCGMS9Qa2j40FTJ7RkuBG9PISUpGWYfZ28q7u94h8GyWtqRtPAF2aPD1rvckk-WTXLeMqEWtfEy0yCJ4MvEwp6MUgeb7EwRKUZ_cuVCE5Xm8rNebO9b2I3Jqdg8cNNyAxEYkWERBcfFtOfaQYD_8DNJvpNpJvZXAowaab7dzNgGBAxhTQ7s4S9h-Ly2nQIAIpbff_A4baI6rOqWfFxdzrxcFt34x0S_90Z3MXNziAb-ocG0WkPewRm0hvrF4E-zFTM4guTvtol0cKw9qWLb_JE-Idm9Zq-abkOS6FvM2E0j1iqKjT1GqM_EhOdIMzOidqxlls5v2UaaJ34PvR_1yTopm6Lguhr6uX3CW_F4A5tGAxsReeUDdGQAhkPYqZp8zjPUxjCA3cJEnMSGWHgqiBJ5lCLeH-SaccT828pSqYL8FrN0Qts3ILaElVVECHiWhN90lGaBSPw8pn19odH70wH651C2eonWKAKQMpNheGmyjrGE8n0jPwz-p-8ISp5H793wlWiTH2ay33METj0Vbgg-G1p1xcWD5WR4X-uyH1f-iNupvVNYn8mf0iPxM-I",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0Wk9RdjQ0Unh2MzJ4dTJReElzTnEiLCJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJleHAiOjE2OTc5NTk5MjUsImlhdCI6MTY2NjQyMzkyNSwiY2xpZW50X2lkIjoiZGVtby1jbGllbnQtMSIsImlzcyI6Imh0dHBzOi8vYXV0aC1kZXYuY2l2aWMuY29tL29hdXRoLyIsImF1ZCI6ImNpdmljIn0.HxnjNL8P7K0WHoCQXpvbxtu_yTrcdudj4GI4fjQZEoVXJ14IkssKUa3aJGWZ2vJkxqIogoLmywYFBjvLZqcc1vo3Q-aLlVEb7EkjsQU4Qo8BMsJ0ZS2_4cDewt9WBUrMA-fDy3UwgoxHlM5OCjQ5lKAPLLm2FJDJ-djFOf_z0le9FOZ4MqkU7u_lc57e0jdCwSZmIRIU5DPX90jh-p2r8OxBwRorjAwuiiu59wTtYyEpfdicSwb7mM7hM6nFp-zl14ogWGCiW20_Lx0sz-1EfzUgw-rH2xW5R_QDUQtHJ15Pq0mtck77i608y2IElnQgwYlmSmn7gpSUoNB7Bh7cBckRfV1YHh8CoReQOKjtfCbhZYVdFDuuUaIEYmI_E9W-C4BKWJkdtX3kCy576jCx15-N7VBzVYIpkOVHHeZdRkMLVJCts2W84it0lCXgMg7KfOcuv8Lzqj_IrSBmP6jgKiOhWJ0eWQLrKGBKOS5IxhK6kyQjZSKy8Yj-N_iBt1PP4e-EWBL2jlQ81ycm4_qgUmiADryUVRchUUAyT-y5TD_LTb2gu-7h_ElKFJ_9scWjxn-SguJi2ObYaFqTes9cNtMFLP3mi9wHhlCngb5_Bw1goV0XHR1H-PSX-XOQ0MzTK7KA8uT1PHbRCsHEFkjMaZgWEwfxTqXVt2LzT6PH_Qs"
-        }
-    }
-}

package/test/unit/lib/oauth.test.ts

@@ -1,72 +0,0 @@
-import {
-  getOauthEndpoints,
-  getIssuerVariations,
-  displayModeFromState,
-  generateState,
-} from "@/lib/oauth.js";
-import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import { oauthWellKnownResponse } from "../../support/fixtures.js";
-
-describe("getOauthEndpoints", () => {
-  afterEach(vi.clearAllMocks);
-
-  beforeEach(() => {
-    global.fetch = vi.fn().mockResolvedValue({
-      json: vi.fn().mockResolvedValue(oauthWellKnownResponse),
-    });
-  });
-
-  it("should translate the response from the auth server into an endpoints object", async () => {
-    const response = await getOauthEndpoints("https://example.com");
-    expect(response).toEqual({
-      auth: "https://auth-dev.civic.com/oauth/auth",
-      token: "https://auth-dev.civic.com/oauth/token",
-      jwks: "https://auth-dev.civic.com/oauth/jwks",
-      userinfo: "https://auth-dev.civic.com/oauth/me",
-    });
-  });
-});
-
-describe("getIssuerVariations", () => {
-  it("should return an array of variations of the issuer", () => {
-    const issuer = "https://example.com";
-    const variations = getIssuerVariations(issuer);
-    expect(variations).toEqual(["https://example.com", "https://example.com/"]);
-  });
-});
-
-describe("displayModeFromState", () => {
-  it("should return the display mode from the state", () => {
-    const state = "state";
-    const displayMode = "redirect";
-    const result = displayModeFromState(state, displayMode);
-
-    expect(result).toEqual(displayMode);
-  });
-
-  it("should extract the display mode correctly from state", () => {
-    const state =
-      "eyJ1dWlkIjoiMGY0NWU5YWItY2U1Ni00OWZiLTlkYmUtOGQ3ZmM3YTI3NDFhIiwiZGlzcGxheU1vZGUiOiJpZnJhbWUiLCJzZXJ2ZXJUb2tlbkV4Y2hhbmdlIjp0cnVlfQ";
-    const displayMode = "redirect";
-    const result = displayModeFromState(state, displayMode);
-
-    expect(result).toEqual("iframe");
-  });
-});
-
-describe("generateState", () => {
-  it("should generate a state string", () => {
-    const state = generateState("redirect");
-
-    expect(state).toBeTruthy();
-    expect(state).toHaveLength(96);
-  });
-
-  it('should generate a state string with "serverTokenExchange" key', () => {
-    const state = generateState("redirect", true);
-
-    expect(state).toBeTruthy();
-    const decoded = atob(state);
-    expect(JSON.parse(decoded)).toHaveProperty("serverTokenExchange", true);
-  });
-});

package/test/unit/logger.test.ts

@@ -1,175 +0,0 @@
-import { describe, it, expect, beforeEach, vi } from "vitest";
-import debug from "debug";
-import { createLogger } from "../../src/lib/logger.js";
-
-// Mock the debug package
-vi.mock("debug", () => {
-  const debugInstance = vi.fn();
-  const debug = vi.fn(() => debugInstance);
-  // Add color property to match debug package API
-  Object.defineProperty(debugInstance, "color", {
-    set: vi.fn(),
-    get: vi.fn(),
-  });
-  return { default: debug };
-});
-
-describe("Logger", () => {
-  let mockDebug: ReturnType<typeof debug>;
-  let debugInstance: ReturnType<typeof vi.fn>;
-  let logger: ReturnType<typeof createLogger>;
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-    mockDebug = debug as unknown as ReturnType<typeof debug>;
-    debugInstance = mockDebug("test") as unknown as ReturnType<typeof vi.fn>;
-    logger = createLogger("test");
-  });
-
-  it("should create debug instances with correct namespaces", () => {
-    logger = createLogger("api:routes");
-
-    // Verify that debug was called with the correct namespaces
-    expect(mockDebug).toHaveBeenCalledWith("@civic/auth:api:routes:debug");
-    expect(mockDebug).toHaveBeenCalledWith("@civic/auth:api:routes:info");
-    expect(mockDebug).toHaveBeenCalledWith("@civic/auth:api:routes:warn");
-    expect(mockDebug).toHaveBeenCalledWith("@civic/auth:api:routes:error");
-  });
-
-  it("should log debug messages with context", () => {
-    const context = { requestId: "123", userId: "456" };
-    logger.debug("Processing request", context);
-
-    expect(debugInstance).toHaveBeenCalledWith("Processing request", context);
-  });
-
-  it("should log info messages with multiple arguments", () => {
-    const requestId = "123";
-    const duration = 456;
-    logger.info("Request completed", { requestId, duration });
-
-    expect(debugInstance).toHaveBeenCalledWith("Request completed", {
-      requestId,
-      duration,
-    });
-  });
-
-  it("should log warning messages with structured data", () => {
-    const warning = {
-      code: "RATE_LIMIT",
-      requestId: "123",
-      limit: 100,
-      current: 95,
-    };
-
-    logger.warn("Rate limit approaching", warning);
-
-    expect(debugInstance).toHaveBeenCalledWith(
-      "Rate limit approaching",
-      warning,
-    );
-  });
-
-  it("should log error messages with error objects", () => {
-    const error = new Error("Database connection failed");
-    const context = {
-      requestId: "123",
-      operation: "getUserProfile",
-    };
-
-    logger.error("Operation failed", { error, ...context });
-
-    expect(debugInstance).toHaveBeenCalledWith("Operation failed", {
-      error,
-      ...context,
-    });
-  });
-
-  it("should handle undefined arguments", () => {
-    logger.info("Simple message");
-
-    expect(debugInstance).toHaveBeenCalledWith("Simple message");
-  });
-
-  it("should handle null values in context", () => {
-    const context = {
-      userId: null,
-      sessionId: undefined,
-      requestId: "123",
-    };
-
-    logger.debug("User context", context);
-
-    expect(debugInstance).toHaveBeenCalledWith("User context", context);
-  });
-
-  // Testing different logger namespaces
-  describe("Logger namespaces", () => {
-    it("should create db logger with correct namespace", () => {
-      const dbLogger = createLogger("api:db");
-      dbLogger.info("DB Operation");
-
-      expect(mockDebug).toHaveBeenCalledWith("@civic/auth:api:db:info");
-    });
-
-    it("should create auth handler logger with correct namespace", () => {
-      const authLogger = createLogger("api:handlers:auth");
-      authLogger.debug("Auth check");
-
-      expect(mockDebug).toHaveBeenCalledWith(
-        "@civic/auth:api:handlers:auth:debug",
-      );
-    });
-  });
-
-  // Integration-style tests
-  describe("Real-world scenarios", () => {
-    it("should log complete request lifecycle", () => {
-      const requestLogger = createLogger("api:request");
-      const requestId = "123";
-      const start = Date.now();
-
-      requestLogger.debug("Request started", {
-        requestId,
-        method: "GET",
-        path: "/api/users",
-      });
-      requestLogger.info("Processing request", { requestId, userId: "456" });
-      requestLogger.debug("DB query executed", { requestId, duration: 50 });
-      requestLogger.info("Request completed", {
-        requestId,
-        duration: Date.now() - start,
-        status: 200,
-      });
-
-      expect(debugInstance).toHaveBeenCalledTimes(4);
-    });
-
-    it("should log error scenario with full context", () => {
-      const requestLogger = createLogger("api:request");
-      const requestId = "123";
-      const error = new Error("Invalid user input");
-      const context = {
-        userId: "456",
-        input: { email: "invalid" },
-        validation: { failed: true, errors: ["Invalid email format"] },
-      };
-
-      requestLogger.debug("Validating input", {
-        requestId,
-        input: context.input,
-      });
-      requestLogger.warn("Validation failed", {
-        requestId,
-        validation: context.validation,
-      });
-      requestLogger.error("Request failed", {
-        requestId,
-        error,
-        context,
-      });
-
-      expect(debugInstance).toHaveBeenCalledTimes(3);
-    });
-  });
-});

package/test/unit/nextjs/NextAuthProvider.test.tsx

@@ -1,38 +0,0 @@
-import { render } from "@testing-library/react";
-import { describe, it, vi, expect } from "vitest";
-import { CivicNextAuthProvider } from "@/nextjs/providers/NextAuthProvider.js";
-import { resolveAuthConfig } from "@/nextjs/config.js";
-import React from "react";
-
-vi.mock("@/nextjs/config.js", () => ({
-  resolveAuthConfig: vi.fn(() => ({
-    clientId: "test-client-id",
-    oauthServer: "https://example.com",
-    callbackUrl: "https://example.com/callback",
-    challengeUrl: "https://example.com/challenge",
-    logoutUrl: "https://example.com/logout",
-  })),
-}));
-
-vi.mock("@/nextjs/hooks/useUserCookie", () => ({
-  useUserCookie: vi.fn(),
-}));
-
-vi.mock("@/nextjs/hooks/useTokenCookie", () => ({
-  useTokenCookie: vi.fn(),
-}));
-
-describe("CivicNextAuthProvider", () => {
-  it("should call resolveAuthConfig with no arguments", () => {
-    const children = <div>Test Content</div>;
-
-    render(
-      <CivicNextAuthProvider>
-        {children}
-      </CivicNextAuthProvider>
-    );
-
-    // The Next implementation should take all config from the next.config.js file, no config taken from provider props.
-    expect(resolveAuthConfig).toHaveBeenCalledWith();
-  });
-});