npm - @civic/auth - Versions diffs - 0.1.4-beta.7 → 0.1.5-beta.0 - Mend

@civic/auth 0.1.4-beta.7 → 0.1.5-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (275) hide show

package/dist/esm/nextjs/config.js CHANGED Viewed

@@ -12,6 +12,7 @@ export const defaultAuthConfig = {
     callbackUrl: "/api/auth/callback",
     challengeUrl: "/api/auth/challenge",
     logoutUrl: "/api/auth/logout",
+    logoutCallbackUrl: "/api/auth/logoutcallback",
     loginUrl: "/",
     include: ["/*"],
     exclude: [],
@@ -95,6 +96,7 @@ export const resolveAuthConfig = (config = {}) => {
         challengeUrl: process.env._civic_auth_challenge_url,
         loginUrl: process.env._civic_auth_login_url,
         logoutUrl: process.env._civic_auth_logout_url,
+        logoutCallbackUrl: process.env._civic_auth_logout_callback_url,
         include: process.env._civic_auth_includes?.split(","),
         exclude: process.env._civic_auth_excludes?.split(","),
         cookies: process.env._civic_auth_cookie_config
@@ -140,6 +142,7 @@ export const resolveAuthConfig = (config = {}) => {
  *   callbackUrl: '/custom/callback',
  *   loginUrl: '/custom/login',
  *   logoutUrl: '/custom/logout',
+ *   logoutCallbackUrl: '/custom/logoutcallback',
  *   include: ['/protected/*'],
  *   exclude: ['/public/*']
  * })
@@ -163,6 +166,7 @@ export const createCivicAuthPlugin = (authConfig) => {
                 _civic_auth_challenge_url: resolvedConfig.challengeUrl,
                 _civic_auth_login_url: resolvedConfig.loginUrl,
                 _civic_auth_logout_url: resolvedConfig.logoutUrl,
+                _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,
                 _civic_auth_includes: resolvedConfig.include.join(","),
                 _civic_auth_excludes: resolvedConfig.exclude.join(","),
                 _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),

package/dist/esm/nextjs/config.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,YAAY,EAEZ,WAAW,GAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAuB5C,MAAM,mBAAmB,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC;AACtE;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,oBAAoB;IACjC,YAAY,EAAE,qBAAqB;IACnC,SAAS,EAAE,kBAAkB;IAC7B,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,CAAC,IAAI,CAAC;IACf,OAAO,EAAE,EAAE;IACX,OAAO,EAAE;QACP,MAAM,EAAE;YACN,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE;gBAC3B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;gBACxB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;gBACvB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;SACF;QACD,IAAI,EAAE;YACJ,MAAM,EAAE,mBAAmB;YAC3B,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,SAAS;SAC3B;KACF;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAAqB,EAAE,EACC,EAAE;IAC1B,0EAA0E;IAC1E,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACnD,CAAC,CAAC,SAAS;KACd,CAAe,CAAC;IACjB,MAAM,YAAY,GAAG;QACnB,GAAG,iBAAiB;QACpB,GAAG,aAAa,EAAE,0BAA0B;QAC5C,GAAG,MAAM,EAAE,uCAAuC;QAClD,OAAO,EAAE;YACP,MAAM,EAAE;gBACN,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM;gBACnC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;aAClC;YACD,IAAI,EAAE;gBACJ,GAAG,iBAAiB,CAAC,OAAO,CAAC,IAAI;gBACjC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;gBACvC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;aAChC;SACF;KACF,CAAC;IAEF,MAAM,CAAC,KAAK,CACV,0BAA0B,EAC1B,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CACvC,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,UAA+D,EAC/D,EAAE;IACF,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QACF,MAAM,cAAc,GAAG,iBAAiB,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;QAC5D,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;aAClE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars /\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n CodeVerifier,\n type CookieConfig,\n OAuthTokens,\n type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type CookiesConfigObject = {\n tokens: TokensCookieConfig;\n user: CookieConfig;\n};\n\nexport type AuthConfigWithDefaults = {\n clientId: string;\n oauthServer: string;\n callbackUrl: string;\n loginUrl: string;\n logoutUrl: string;\n challengeUrl: string;\n include: string[];\n exclude: string[];\n cookies: CookiesConfigObject;\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\nconst defaultServerSecure = !(process.env.NODE_ENV === \"development\");\n/\n Default configuration values that will be used if not overridden\n /\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n oauthServer: DEFAULT_AUTH_SERVER,\n callbackUrl: \"/api/auth/callback\",\n challengeUrl: \"/api/auth/challenge\",\n logoutUrl: \"/api/auth/logout\",\n loginUrl: \"/\",\n include: [\"/\"],\n exclude: [],\n cookies: {\n tokens: {\n [OAuthTokens.ID_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.ACCESS_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.REFRESH_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.EXPIRES_IN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.TIMESTAMP]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [CodeVerifier.COOKIE_NAME]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [CodeVerifier.APP_URL]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n },\n user: {\n secure: defaultServerSecure,\n httpOnly: false,\n sameSite: \"strict\",\n path: \"/\",\n maxAge: 60 * 60, // 1 hour\n },\n },\n};\n\n/*\n Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n \n Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * callbackUrl: '/custom/callback',\n * })\n * ```\n /\nexport const resolveAuthConfig = (\n config: AuthConfig = {},\n): AuthConfigWithDefaults => {\n // Read configuration that was set by the plugin via environment variables\n const configFromEnv = withoutUndefined({\n clientId: process.env._civic_auth_client_id,\n oauthServer: process.env._civic_oauth_server,\n callbackUrl: process.env._civic_auth_callback_url,\n challengeUrl: process.env._civic_auth_challenge_url,\n loginUrl: process.env._civic_auth_login_url,\n logoutUrl: process.env._civic_auth_logout_url,\n include: process.env._civic_auth_includes?.split(\",\"),\n exclude: process.env._civic_auth_excludes?.split(\",\"),\n cookies: process.env._civic_auth_cookie_config\n ? JSON.parse(process.env._civic_auth_cookie_config)\n : undefined,\n }) as AuthConfig;\n const mergedConfig = {\n ...defaultAuthConfig,\n ...configFromEnv, // Apply plugin-set config\n ...config, // Override with directly passed config\n cookies: {\n tokens: {\n ...defaultAuthConfig.cookies.tokens,\n ...(configFromEnv?.cookies?.tokens \|\| {}),\n ...(config.cookies?.tokens \|\| {}),\n },\n user: {\n ...defaultAuthConfig.cookies.user,\n ...(configFromEnv?.cookies?.user \|\| {}),\n ...(config.cookies?.user \|\| {}),\n },\n },\n };\n\n logger.debug(\n \"Config from environment:\",\n JSON.stringify(configFromEnv, null, 2),\n );\n logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n if (mergedConfig.clientId === undefined) {\n throw new Error(\"Civic Auth client ID is required\");\n }\n return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/\n Creates a Next.js plugin that handles auth configuration.\n \n This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * callbackUrl: '/custom/callback',\n * loginUrl: '/custom/login',\n * logoutUrl: '/custom/logout',\n * include: ['/protected/'],\n exclude: ['/public/']\n })\n * ```\n \n The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n authConfig: AuthConfig & Pick<Required<AuthConfig>, \"clientId\">,\n) => {\n return (nextConfig?: NextConfig) => {\n logger.debug(\n \"createCivicAuthPlugin nextConfig\",\n JSON.stringify(nextConfig, null, 2),\n );\n const resolvedConfig = resolveAuthConfig({ ...authConfig });\n return {\n ...nextConfig,\n env: {\n ...nextConfig?.env,\n // Internal environment variables - do not set these manually\n _civic_auth_client_id: resolvedConfig.clientId,\n _civic_oauth_server: resolvedConfig.oauthServer,\n _civic_auth_callback_url: resolvedConfig.callbackUrl,\n _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n _civic_auth_login_url: resolvedConfig.loginUrl,\n _civic_auth_logout_url: resolvedConfig.logoutUrl,\n _civic_auth_includes: resolvedConfig.include.join(\",\"),\n _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n },\n };\n };\n};\n"]}
1	+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,YAAY,EAEZ,WAAW,GAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAwB5C,MAAM,mBAAmB,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC;AACtE;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,oBAAoB;IACjC,YAAY,EAAE,qBAAqB;IACnC,SAAS,EAAE,kBAAkB;IAC7B,iBAAiB,EAAE,0BAA0B;IAC7C,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,CAAC,IAAI,CAAC;IACf,OAAO,EAAE,EAAE;IACX,OAAO,EAAE;QACP,MAAM,EAAE;YACN,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE;gBAC3B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;gBACxB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;gBACvB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;SACF;QACD,IAAI,EAAE;YACJ,MAAM,EAAE,mBAAmB;YAC3B,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,SAAS;SAC3B;KACF;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAAqB,EAAE,EACC,EAAE;IAC1B,0EAA0E;IAC1E,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B;QAC9D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACnD,CAAC,CAAC,SAAS;KACd,CAAe,CAAC;IACjB,MAAM,YAAY,GAAG;QACnB,GAAG,iBAAiB;QACpB,GAAG,aAAa,EAAE,0BAA0B;QAC5C,GAAG,MAAM,EAAE,uCAAuC;QAClD,OAAO,EAAE;YACP,MAAM,EAAE;gBACN,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM;gBACnC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;aAClC;YACD,IAAI,EAAE;gBACJ,GAAG,iBAAiB,CAAC,OAAO,CAAC,IAAI;gBACjC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;gBACvC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;aAChC;SACF;KACF,CAAC;IAEF,MAAM,CAAC,KAAK,CACV,0BAA0B,EAC1B,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CACvC,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,UAA+D,EAC/D,EAAE;IACF,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QACF,MAAM,cAAc,GAAG,iBAAiB,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;QAC5D,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,+BAA+B,EAAE,cAAc,CAAC,iBAAiB;gBACjE,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;aAClE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars /\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n CodeVerifier,\n type CookieConfig,\n OAuthTokens,\n type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type CookiesConfigObject = {\n tokens: TokensCookieConfig;\n user: CookieConfig;\n};\n\nexport type AuthConfigWithDefaults = {\n clientId: string;\n oauthServer: string;\n callbackUrl: string;\n loginUrl: string;\n logoutUrl: string;\n logoutCallbackUrl: string;\n challengeUrl: string;\n include: string[];\n exclude: string[];\n cookies: CookiesConfigObject;\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\nconst defaultServerSecure = !(process.env.NODE_ENV === \"development\");\n/\n Default configuration values that will be used if not overridden\n /\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n oauthServer: DEFAULT_AUTH_SERVER,\n callbackUrl: \"/api/auth/callback\",\n challengeUrl: \"/api/auth/challenge\",\n logoutUrl: \"/api/auth/logout\",\n logoutCallbackUrl: \"/api/auth/logoutcallback\",\n loginUrl: \"/\",\n include: [\"/\"],\n exclude: [],\n cookies: {\n tokens: {\n [OAuthTokens.ID_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.ACCESS_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.REFRESH_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.EXPIRES_IN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.TIMESTAMP]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [CodeVerifier.COOKIE_NAME]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [CodeVerifier.APP_URL]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n },\n user: {\n secure: defaultServerSecure,\n httpOnly: false,\n sameSite: \"strict\",\n path: \"/\",\n maxAge: 60 * 60, // 1 hour\n },\n },\n};\n\n/*\n Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n \n Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * callbackUrl: '/custom/callback',\n * })\n * ```\n /\nexport const resolveAuthConfig = (\n config: AuthConfig = {},\n): AuthConfigWithDefaults => {\n // Read configuration that was set by the plugin via environment variables\n const configFromEnv = withoutUndefined({\n clientId: process.env._civic_auth_client_id,\n oauthServer: process.env._civic_oauth_server,\n callbackUrl: process.env._civic_auth_callback_url,\n challengeUrl: process.env._civic_auth_challenge_url,\n loginUrl: process.env._civic_auth_login_url,\n logoutUrl: process.env._civic_auth_logout_url,\n logoutCallbackUrl: process.env._civic_auth_logout_callback_url,\n include: process.env._civic_auth_includes?.split(\",\"),\n exclude: process.env._civic_auth_excludes?.split(\",\"),\n cookies: process.env._civic_auth_cookie_config\n ? JSON.parse(process.env._civic_auth_cookie_config)\n : undefined,\n }) as AuthConfig;\n const mergedConfig = {\n ...defaultAuthConfig,\n ...configFromEnv, // Apply plugin-set config\n ...config, // Override with directly passed config\n cookies: {\n tokens: {\n ...defaultAuthConfig.cookies.tokens,\n ...(configFromEnv?.cookies?.tokens \|\| {}),\n ...(config.cookies?.tokens \|\| {}),\n },\n user: {\n ...defaultAuthConfig.cookies.user,\n ...(configFromEnv?.cookies?.user \|\| {}),\n ...(config.cookies?.user \|\| {}),\n },\n },\n };\n\n logger.debug(\n \"Config from environment:\",\n JSON.stringify(configFromEnv, null, 2),\n );\n logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n if (mergedConfig.clientId === undefined) {\n throw new Error(\"Civic Auth client ID is required\");\n }\n return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/\n Creates a Next.js plugin that handles auth configuration.\n \n This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * callbackUrl: '/custom/callback',\n * loginUrl: '/custom/login',\n * logoutUrl: '/custom/logout',\n * logoutCallbackUrl: '/custom/logoutcallback',\n * include: ['/protected/'],\n exclude: ['/public/']\n })\n * ```\n \n The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n authConfig: AuthConfig & Pick<Required<AuthConfig>, \"clientId\">,\n) => {\n return (nextConfig?: NextConfig) => {\n logger.debug(\n \"createCivicAuthPlugin nextConfig\",\n JSON.stringify(nextConfig, null, 2),\n );\n const resolvedConfig = resolveAuthConfig({ ...authConfig });\n return {\n ...nextConfig,\n env: {\n ...nextConfig?.env,\n // Internal environment variables - do not set these manually\n _civic_auth_client_id: resolvedConfig.clientId,\n _civic_oauth_server: resolvedConfig.oauthServer,\n _civic_auth_callback_url: resolvedConfig.callbackUrl,\n _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n _civic_auth_login_url: resolvedConfig.loginUrl,\n _civic_auth_logout_url: resolvedConfig.logoutUrl,\n _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,\n _civic_auth_includes: resolvedConfig.include.join(\",\"),\n _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n },\n };\n };\n};\n"]}

package/dist/esm/nextjs/hooks/useUserCookie.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"useUserCookie.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useUserCookie.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAqBpD,eAAO,MAAM,aAAa,GAAI,CAAC,SAAS,WAAW;;;~~CAkDlD~~,CAAC"}
1	+ {"version":3,"file":"useUserCookie.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useUserCookie.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAqBpD,eAAO,MAAM,aAAa,GAAI,CAAC,SAAS,WAAW;;;CAqDlD,CAAC"}

package/dist/esm/nextjs/hooks/useUserCookie.js CHANGED Viewed

@@ -42,6 +42,8 @@ export const useUserCookie = () => {
             fetchUser(abortController);
         };
         window.addEventListener("focus", handleFocus);
+        // call fetchUser on load to get initial user if present
+        fetchUser(abortController);
         return () => {
             abortController.abort();
             clearInterval(intervalId);

package/dist/esm/nextjs/hooks/useUserCookie.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"useUserCookie.js","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useUserCookie.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAMjE,MAAM,yBAAyB,GAAG,GAA2B,EAAE,CAC7D,oBAAoB,CAAC;IACnB;QACE,GAAG,EAAE,WAAW,CAAC,IAAI;QACrB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,SAAS,EAAE,IAAI;KAChB;IACD;QACE,GAAG,EAAE,WAAW,CAAC,QAAQ;QACzB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,SAAS,EAAE,KAAK;KACjB;CACF,CAA2B,CAAC;AAE/B,MAAM,CAAC,MAAM,aAAa,GAAG,GAA0B,EAAE;IACvD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAiB,IAAI,CAAC,CAAC;IACvD,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,EAAsB,CAAC;IAC7D,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,EAAE,eAAgC,EAAE,EAAE;QACvE,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO;QAC3C,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,yBAAyB,EAAE,IAAI,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAY,CAAC;YACvD,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;YACjD,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO;YAE3C,UAAU,CAAC,SAAS,CAAC,CAAC;YACtB,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE;YAClC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC,EAAE,IAAI,CAAC,CAAC;QAET,MAAM,WAAW,GAAG,GAAG,EAAE;YACvB,SAAS,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAE9C,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,aAAa,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACnD,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IAEhB,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC;gBACzB,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,OAAO,GAAG,KAAK,CAAC;QAC5B,CAAC;IACH,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnB,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC,CAAC","sourcesContent":["\"use client\";\nimport { useCallback, useEffect, useRef, useState } from \"react\";\nimport { useRouter } from \"next/navigation.js\";\nimport { getWindowCookieValue } from \"@/lib/cookies.js\";\nimport type { EmptyObject, User } from \"@/types.js\";\nimport { OAuthTokens, UserStorage } from \"@/shared/lib/types.js\";\n\ntype UserAndTokenFromCookie = {\n [UserStorage.USER]: User \| undefined;\n [OAuthTokens.ID_TOKEN]: string \| undefined;\n};\nconst getUserAndTokenFromCookie = (): UserAndTokenFromCookie =>\n getWindowCookieValue([\n {\n key: UserStorage.USER,\n window: globalThis.window,\n parseJson: true,\n },\n {\n key: OAuthTokens.ID_TOKEN,\n window: globalThis.window,\n parseJson: false,\n },\n ]) as UserAndTokenFromCookie;\n\nexport const useUserCookie = <T extends EmptyObject>() => {\n const [user, setUser] = useState<User<T> \| null>(null);\n const [idToken, setIdToken] = useState<string \| undefined>();\n const hasRunRef = useRef(false);\n const router = useRouter();\n\n const fetchUser = useCallback(async (abortController: AbortController) => {\n if (abortController.signal.aborted) return;\n if (!hasRunRef.current) {\n const response = getUserAndTokenFromCookie() \|\| {};\n const userData = response[UserStorage.USER] as User<T>;\n const tokenData = response[OAuthTokens.ID_TOKEN];\n if (abortController.signal.aborted) return;\n\n setIdToken(tokenData);\n setUser(userData \|\| null);\n }\n }, []);\n\n useEffect(() => {\n const abortController = new AbortController();\n const intervalId = setInterval(() => {\n fetchUser(abortController);\n }, 2000);\n\n const handleFocus = () => {\n fetchUser(abortController);\n };\n\n window.addEventListener(\"focus\", handleFocus);\n\n return () => {\n abortController.abort();\n clearInterval(intervalId);\n window.removeEventListener(\"focus\", handleFocus);\n };\n }, [fetchUser]);\n\n useEffect(() => {\n if (user) {\n if (!hasRunRef.current) {\n hasRunRef.current = true;\n router.refresh();\n }\n } else {\n hasRunRef.current = false;\n }\n }, [user, router]);\n\n return { user, idToken };\n};\n"]}
1	+ {"version":3,"file":"useUserCookie.js","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useUserCookie.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAMjE,MAAM,yBAAyB,GAAG,GAA2B,EAAE,CAC7D,oBAAoB,CAAC;IACnB;QACE,GAAG,EAAE,WAAW,CAAC,IAAI;QACrB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,SAAS,EAAE,IAAI;KAChB;IACD;QACE,GAAG,EAAE,WAAW,CAAC,QAAQ;QACzB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,SAAS,EAAE,KAAK;KACjB;CACF,CAA2B,CAAC;AAE/B,MAAM,CAAC,MAAM,aAAa,GAAG,GAA0B,EAAE;IACvD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAiB,IAAI,CAAC,CAAC;IACvD,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,EAAsB,CAAC;IAC7D,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,EAAE,eAAgC,EAAE,EAAE;QACvE,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO;QAC3C,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,yBAAyB,EAAE,IAAI,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAY,CAAC;YACvD,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;YACjD,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO;YAE3C,UAAU,CAAC,SAAS,CAAC,CAAC;YACtB,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE;YAClC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC,EAAE,IAAI,CAAC,CAAC;QAET,MAAM,WAAW,GAAG,GAAG,EAAE;YACvB,SAAS,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAE9C,wDAAwD;QACxD,SAAS,CAAC,eAAe,CAAC,CAAC;QAE3B,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,aAAa,CAAC,UAAU,CAAC,CAAC;YAC1B,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACnD,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IAEhB,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC;gBACzB,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,OAAO,GAAG,KAAK,CAAC;QAC5B,CAAC;IACH,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAEnB,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC,CAAC","sourcesContent":["\"use client\";\nimport { useCallback, useEffect, useRef, useState } from \"react\";\nimport { useRouter } from \"next/navigation.js\";\nimport { getWindowCookieValue } from \"@/lib/cookies.js\";\nimport type { EmptyObject, User } from \"@/types.js\";\nimport { OAuthTokens, UserStorage } from \"@/shared/lib/types.js\";\n\ntype UserAndTokenFromCookie = {\n [UserStorage.USER]: User \| undefined;\n [OAuthTokens.ID_TOKEN]: string \| undefined;\n};\nconst getUserAndTokenFromCookie = (): UserAndTokenFromCookie =>\n getWindowCookieValue([\n {\n key: UserStorage.USER,\n window: globalThis.window,\n parseJson: true,\n },\n {\n key: OAuthTokens.ID_TOKEN,\n window: globalThis.window,\n parseJson: false,\n },\n ]) as UserAndTokenFromCookie;\n\nexport const useUserCookie = <T extends EmptyObject>() => {\n const [user, setUser] = useState<User<T> \| null>(null);\n const [idToken, setIdToken] = useState<string \| undefined>();\n const hasRunRef = useRef(false);\n const router = useRouter();\n\n const fetchUser = useCallback(async (abortController: AbortController) => {\n if (abortController.signal.aborted) return;\n if (!hasRunRef.current) {\n const response = getUserAndTokenFromCookie() \|\| {};\n const userData = response[UserStorage.USER] as User<T>;\n const tokenData = response[OAuthTokens.ID_TOKEN];\n if (abortController.signal.aborted) return;\n\n setIdToken(tokenData);\n setUser(userData \|\| null);\n }\n }, []);\n\n useEffect(() => {\n const abortController = new AbortController();\n const intervalId = setInterval(() => {\n fetchUser(abortController);\n }, 2000);\n\n const handleFocus = () => {\n fetchUser(abortController);\n };\n\n window.addEventListener(\"focus\", handleFocus);\n\n // call fetchUser on load to get initial user if present\n fetchUser(abortController);\n\n return () => {\n abortController.abort();\n clearInterval(intervalId);\n window.removeEventListener(\"focus\", handleFocus);\n };\n }, [fetchUser]);\n\n useEffect(() => {\n if (user) {\n if (!hasRunRef.current) {\n hasRunRef.current = true;\n router.refresh();\n }\n } else {\n hasRunRef.current = false;\n }\n }, [user, router]);\n\n return { user, idToken };\n};\n"]}

package/dist/esm/nextjs/providers/NextAuthProvider.d.ts CHANGED Viewed

@@ -4,10 +4,10 @@
 import React from "react";
 import { type AuthConfigWithDefaults } from "../../nextjs/config.js";
 import type { AuthProviderProps } from "../../shared/providers/types.js";
-type InternalNextCivicAuthProviderProps = Omit<AuthProviderProps, "clientId"> & {
+type NextCivicAuthProviderInternalProps = Omit<AuthProviderProps, "clientId"> & {
     resolvedConfig: AuthConfigWithDefaults;
 };
-type NextCivicAuthProviderProps = Omit<InternalNextCivicAuthProviderProps, "clientId" | "resolvedConfig" | "redirectUrl">;
+type NextCivicAuthProviderProps = Omit<NextCivicAuthProviderInternalProps, "clientId" | "resolvedConfig" | "redirectUrl">;
 declare const CivicNextAuthProvider: ({ children, ...props }: NextCivicAuthProviderProps) => React.JSX.Element;
 export { CivicNextAuthProvider, type NextCivicAuthProviderProps };
 //# sourceMappingURL=NextAuthProvider.d.ts.map

package/dist/esm/nextjs/providers/NextAuthProvider.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AACA;;GAEG;AACH,OAAO,KAA2C,MAAM,OAAO,CAAC;AAChE,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,oBAAoB,CAAC;~~AAgB5B~~,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;~~AAErE~~,KAAK,kCAAkC,GAAG,IAAI,CAC5C,iBAAiB,EACjB,UAAU,CACX,GAAG;IACF,cAAc,EAAE,sBAAsB,CAAC;CACxC,CAAC;AACF,KAAK,0BAA0B,GAAG,IAAI,CACpC,kCAAkC,EAClC,UAAU,GAAG,gBAAgB,GAAG,aAAa,CAC9C,CAAC;~~AAoEF~~,QAAA,MAAM,qBAAqB,2BAGxB,0BAA0B,~~sBA+B5B~~,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAE,KAAK,0BAA0B,EAAE,CAAC"}
1	+ {"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AACA;;GAEG;AACH,OAAO,KAA2C,MAAM,OAAO,CAAC;AAChE,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,oBAAoB,CAAC;AAiB5B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAMrE,KAAK,kCAAkC,GAAG,IAAI,CAC5C,iBAAiB,EACjB,UAAU,CACX,GAAG;IACF,cAAc,EAAE,sBAAsB,CAAC;CACxC,CAAC;AACF,KAAK,0BAA0B,GAAG,IAAI,CACpC,kCAAkC,EAClC,UAAU,GAAG,gBAAgB,GAAG,aAAa,CAC9C,CAAC;AAoFF,QAAA,MAAM,qBAAqB,2BAGxB,0BAA0B,sBAwC5B,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAE,KAAK,0BAA0B,EAAE,CAAC"}

package/dist/esm/nextjs/providers/NextAuthProvider.js CHANGED Viewed

@@ -19,51 +19,51 @@ import { IFrameAndLoading } from "../../shared/components/IFrameAndLoading.js";
 import { BlockDisplay } from "../../shared/components/BlockDisplay.js";
 import { LoadingIcon } from "../../shared/components/LoadingIcon.js";
 import { useIframe } from "../../shared/hooks/useIframe.js";
-const CivicNextAuthProviderInternal = ({ children, resolvedConfig, ...props }) => {
-    const { iframeMode } = props;
+import { useSession } from "../../reactjs/index.js";
+const CivicNextAuthTokenProviderInternal = ({ children, isLoading, displayMode = "iframe", ...props }) => {
+    const { iframeMode, resolvedConfig } = props;
     const { iframeRef } = useIframe();
-    const [isLoading, setIsLoading] = useState(false);
     const civicAuthConfig = useCivicAuthConfig();
-    const { challengeUrl, logoutUrl } = resolvedConfig;
+    const { challengeUrl } = resolvedConfig;
     const pkceConsumer = new ConfidentialClientPKCEConsumer(challengeUrl);
-    const postSignOut = async () => {
-        const appUrl = globalThis.window.location.origin;
-        window.location.href = `${logoutUrl}?appUrl=${appUrl}`;
-        return;
-    };
-    const preSignOut = useCallback(async () => {
-        setIsLoading(true);
+    const { data: session } = useSession();
+    const { user } = useUserCookie();
+    const postSignOut = useCallback(async () => {
         await props?.onSignOut?.();
     }, [props]);
     const { signIn, signOut } = useSignIn({
-        preSignOut,
         postSignOut,
         pkceConsumer,
+        displayMode,
     });
-    const { user, idToken } = useUserCookie();
-    const session = {
-        authenticated: !!user,
-        idToken,
-    };
     useEffect(() => {
         if (iframeMode === "embedded" &&
             civicAuthConfig &&
             !session?.authenticated &&
             iframeRef?.current) {
-            signIn("iframe");
+            signIn();
         }
     }, [iframeMode, civicAuthConfig, session?.authenticated, iframeRef, signIn]);
+    return (React.createElement(TokenProvider, null,
+        React.createElement(UserProvider, { storage: new NextjsClientStorage(), user: user, signOut: signOut, signIn: signIn, displayMode: displayMode },
+            React.createElement(IFrameAndLoading, { error: null, isLoading: isLoading, showIframeOnLogout: true }),
+            isLoading && (React.createElement(BlockDisplay, null,
+                React.createElement(LoadingIcon, null))),
+            children)));
+};
+const CivicNextAuthProviderInternal = ({ children, ...props }) => {
+    const isLoading = false;
+    const { user, idToken } = useUserCookie();
+    const session = {
+        authenticated: !!user,
+        idToken,
+    };
     return (React.createElement(SessionProvider, { data: session, isLoading: isLoading },
-        React.createElement(TokenProvider, null,
-            React.createElement(UserProvider, { storage: new NextjsClientStorage(), user: user, signOut: signOut, signIn: signIn },
-                React.createElement(IFrameAndLoading, { isLoading: isLoading, error: null }),
-                isLoading && (React.createElement(BlockDisplay, null,
-                    React.createElement(LoadingIcon, null))),
-                children))));
+        React.createElement(CivicNextAuthTokenProviderInternal, { ...props, isLoading: isLoading }, children)));
 };
 const CivicNextAuthProvider = ({ children, ...props }) => {
     const resolvedConfig = resolveAuthConfig();
-    const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } = resolvedConfig;
+    const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl, logoutCallbackUrl, } = resolvedConfig;
     const [redirectUrl, setRedirectUrl] = useState("");
     useEffect(() => {
         if (typeof globalThis.window !== "undefined") {
@@ -71,7 +71,7 @@ const CivicNextAuthProvider = ({ children, ...props }) => {
             setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));
         }
     }, [callbackUrl, resolvedConfig]);
-    return (React.createElement(CivicAuthConfigProvider, { oauthServer: oauthServer, clientId: clientId, redirectUrl: redirectUrl, nonce: props?.nonce, challengeUrl: challengeUrl, logoutUrl: logoutUrl },
+    return (React.createElement(CivicAuthConfigProvider, { oauthServer: oauthServer, clientId: clientId, redirectUrl: redirectUrl, logoutRedirectUrl: logoutCallbackUrl, nonce: props?.nonce, challengeUrl: challengeUrl, logoutUrl: logoutUrl, logoutCallbackUrl: logoutCallbackUrl },
         React.createElement(IframeProvider, { iframeMode: props.iframeMode },
             React.createElement(CivicNextAuthProviderInternal, { ...props, resolvedConfig: resolvedConfig }, children))));
 };

package/dist/esm/nextjs/providers/NextAuthProvider.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"NextAuthProvider.js","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb;;GAEG;AACH,OAAO,KAAK,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAChE,OAAO,EACL,iBAAiB,GAElB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8CAA8C,CAAC;AACvF,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;~~AAcxD~~,MAAM,~~6BAA6B~~,GAAG,CAAC,~~EACrC~~,QAAQ,EACR,~~cAAc~~,~~EACd~~,GAAG,KAAK,~~EAC2B~~,EAAE,EAAE;~~IACvC~~,MAAM,EAAE,UAAU,EAAE,GAAG,KAAK,CAAC;~~IAC7B~~,MAAM,EAAE,SAAS,EAAE,GAAG,SAAS,EAAE,CAAC;IAClC,MAAM,~~CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAU,KAAK,CAAC,CAAC;IAC3D,MAAM,~~eAAe,GAAG,kBAAkB,EAAE,CAAC;IAC7C,MAAM,EAAE,YAAY,EAAE,~~SAAS,EAAE,~~GAAG,cAAc,CAAC;~~IACnD~~,MAAM,YAAY,GAAG,IAAI,8BAA8B,CAAC,YAAY,CAAC,CAAC;IACtE,MAAM,~~WAAW~~,~~GAAG~~,~~KAAK~~,~~IAAmB~~,EAAE~~;QAC5C~~,~~MAAM,MAAM,~~GAAG,UAAU,~~CAAC~~,~~MAAM,~~CAAC~~,QAAQ,CAAC,MAAM,CAAC~~;~~QACjD~~,MAAM,~~CAAC~~,~~QAAQ,CAAC,~~IAAI,~~GAAG~~,GAAG,~~SAAS~~,~~WAAW,MAAM,~~EAAE,CAAC;~~QACvD~~,~~OAAO;IACT,CAAC,CAAC;IAEF,~~MAAM,~~UAAU~~,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;~~QACxC~~,~~YAAY,CAAC,IAAI,CAAC,CAAC;QACnB,~~MAAM,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC;IAC7B,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IAEZ,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC;QACpC,~~UAAU;QACV,~~WAAW;QACX,YAAY;~~KACb~~,~~CAAC,CAAC~~;~~IAEH~~,~~MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,aAAa,EAAE,~~CAAC~~;IAC1C~~,~~MAAM,OAAO,GAAG;QACd,aAAa,EAAE,~~CAAC~~,CAAC,IAAI~~;~~QACrB~~,~~OAAO;KACR,CAAC;IAEF,~~SAAS,CAAC,GAAG,EAAE;QACb,IACE,UAAU,KAAK,UAAU;YACzB,eAAe;YACf,CAAC,OAAO,EAAE,aAAa;YACvB,SAAS,EAAE,OAAO,EAClB,CAAC;YACD,MAAM,~~CAAC~~,~~QAAQ,~~CAAC~~,CAAC~~;~~QACnB~~,CAAC;IACH,CAAC,EAAE,CAAC,UAAU,EAAE,eAAe,EAAE,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;~~IAC7E~~,OAAO,CACL,oBAAC,~~eAAe,IAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;QAClD,oBAAC,~~aAAa;~~YACZ~~,oBAAC,YAAY,IACX,OAAO,EAAE,IAAI,mBAAmB,EAAE,EAClC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM;~~gBAEd~~,oBAAC,gBAAgB,~~IAAC~~,~~SAAS~~,EAAE,SAAS,EAAE,~~KAAK~~,EAAE,IAAI,~~GAAI~~;~~gBACtD~~,SAAS,IAAI,CACZ,oBAAC,YAAY;~~oBACX~~,oBAAC,WAAW,OAAG,CACF,CAChB;~~gBACA~~,QAAQ,CACI,CACD,~~CACA~~,CACnB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,EAC7B,QAAQ,EACR,GAAG,KAAK,EACmB,EAAE,EAAE;IAC/B,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;IAC3C,MAAM,~~EAAE~~,QAAQ,~~EAAE~~,WAAW,~~EAAE~~,WAAW,~~EAAE~~,YAAY,~~EAAE~~,SAAS,~~EAAE~~,~~GACnE~~,cAAc,CAAC;~~IACjB~~,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAS,EAAE,CAAC,CAAC;~~IAC3D~~,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YACjD,cAAc,CAAC,kBAAkB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;IAElC,OAAO,CACL,oBAAC,uBAAuB,IACtB,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,EACxB,KAAK,EAAE,KAAK,EAAE,KAAK,EACnB,YAAY,EAAE,YAAY,EAC1B,SAAS,EAAE,SAAS;~~QAEpB~~,oBAAC,cAAc,IAAC,UAAU,EAAE,KAAK,CAAC,UAAU;YAC1C,oBAAC,6BAA6B,OACxB,KAAK,EACT,cAAc,EAAE,cAAc,IAE7B,QAAQ,CACqB,CACjB,CACO,CAC3B,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAmC,CAAC","sourcesContent":["\"use client\";\n/*\n A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport React, { useCallback, useEffect, useState } from \"react\";\nimport {\n resolveAuthConfig,\n type AuthConfigWithDefaults,\n} from \"@/nextjs/config.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies.js\";\nimport { UserProvider } from \"@/shared/providers/UserProvider.js\";\nimport { useUserCookie } from \"@/nextjs/hooks/useUserCookie.js\";\nimport { CivicAuthConfigProvider } from \"@/shared/providers/CivicAuthConfigContext.js\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider.js\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider.js\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider.js\";\nimport { useSignIn } from \"@/shared/hooks/useSignIn.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport { IFrameAndLoading } from \"@/shared/components/IFrameAndLoading.js\";\nimport { BlockDisplay } from \"@/shared/components/BlockDisplay.js\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\nimport type { AuthProviderProps } from \"@/shared/providers/types.js\";\n\ntype ~~InternalNextCivicAuthProviderProps~~ = Omit<\n AuthProviderProps,\n \"clientId\"\n> & {\n resolvedConfig: AuthConfigWithDefaults;\n};\ntype NextCivicAuthProviderProps = Omit<\n ~~InternalNextCivicAuthProviderProps~~,\n \"clientId\" \| \"resolvedConfig\" \| \"redirectUrl\"\n>;\n\nconst ~~CivicNextAuthProviderInternal~~ = ({\n children,\n ~~resolvedConfig~~,\n ...props\n}: ~~InternalNextCivicAuthProviderProps~~) => {\n const { iframeMode } = props;\n const { iframeRef } = useIframe();\n const ~~[isLoading, setIsLoading] = useState<boolean>(false);\n const~~ civicAuthConfig = useCivicAuthConfig();\n const { challengeUrl, ~~logoutUrl~~ } = resolvedConfig;\n const pkceConsumer = new ConfidentialClientPKCEConsumer(challengeUrl);\n const ~~postSignOut~~ = ~~async~~ ()~~: Promise<void> => {~~\n const ~~appUrl~~ = ~~globalThis.window.location.origin;\n window.location.href~~ = ~~`${logoutUrl}?appUrl=${appUrl}`;\n return~~;\n ~~};\n~~\n const ~~preSignOut~~ = useCallback(async () => {\n ~~setIsLoading(true);\n~~ await props?.onSignOut?.();\n }, [props]);\n\n const { signIn, signOut } = useSignIn({\n ~~preSignOut,\n~~ postSignOut,\n pkceConsumer,\n ~~});\n\n const { user, idToken } = useUserCookie();\n const session = {\n~~ ~~authenticated: !!user~~,\n ~~idToken,\n~~ };\n\n useEffect(() => {\n if (\n iframeMode === \"embedded\" &&\n civicAuthConfig &&\n !session?.authenticated &&\n iframeRef?.current\n ) {\n signIn(~~\"iframe\"~~);\n }\n }, [iframeMode, civicAuthConfig, session?.authenticated, iframeRef, signIn]);\n return (\n <~~SessionProvider data={session} isLoading={isLoading}~~>\n <~~TokenProvider>\n <~~UserProvider\n storage={new NextjsClientStorage()}\n user={user}\n signOut={signOut}\n signIn={signIn}\n >\n <IFrameAndLoading isLoading={isLoading} ~~error~~={~~null~~} />\n {isLoading && (\n <BlockDisplay>\n <LoadingIcon />\n </BlockDisplay>\n )}\n {children}\n </UserProvider>\n </TokenProvider>\n </SessionProvider>\n );\n};\n\nconst CivicNextAuthProvider = ({\n children,\n ...props\n}: NextCivicAuthProviderProps) => {\n const resolvedConfig = resolveAuthConfig();\n const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } ~~=\n~~ resolvedConfig;\n const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n const appUrl = globalThis.window.location.origin;\n setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));\n }\n }, [callbackUrl, resolvedConfig]);\n\n return (\n <CivicAuthConfigProvider\n oauthServer={oauthServer}\n clientId={clientId}\n redirectUrl={redirectUrl}\n nonce={props?.nonce}\n challengeUrl={challengeUrl}\n logoutUrl={logoutUrl}\n >\n <IframeProvider iframeMode={props.iframeMode}>\n <CivicNextAuthProviderInternal\n {...props}\n resolvedConfig={resolvedConfig}\n >\n {children}\n </CivicNextAuthProviderInternal>\n </IframeProvider>\n </CivicAuthConfigProvider>\n );\n};\n\nexport { CivicNextAuthProvider, type NextCivicAuthProviderProps };\n"]}
1	+ {"version":3,"file":"NextAuthProvider.js","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb;;GAEG;AACH,OAAO,KAAK,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAChE,OAAO,EACL,iBAAiB,GAElB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8CAA8C,CAAC;AACvF,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAkBhD,MAAM,kCAAkC,GAAG,CAAC,EAC1C,QAAQ,EACR,SAAS,EACT,WAAW,GAAG,QAAQ,EACtB,GAAG,KAAK,EACgC,EAAE,EAAE;IAC5C,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IAC7C,MAAM,EAAE,SAAS,EAAE,GAAG,SAAS,EAAE,CAAC;IAClC,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;IAC7C,MAAM,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IACxC,MAAM,YAAY,GAAG,IAAI,8BAA8B,CAAC,YAAY,CAAC,CAAC;IACtE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IAEvC,MAAM,EAAE,IAAI,EAAE,GAAG,aAAa,EAAE,CAAC;IAEjC,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACzC,MAAM,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC;IAC7B,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IAEZ,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC;QACpC,WAAW;QACX,YAAY;QACZ,WAAW;KACZ,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,IACE,UAAU,KAAK,UAAU;YACzB,eAAe;YACf,CAAC,OAAO,EAAE,aAAa;YACvB,SAAS,EAAE,OAAO,EAClB,CAAC;YACD,MAAM,EAAE,CAAC;QACX,CAAC;IACH,CAAC,EAAE,CAAC,UAAU,EAAE,eAAe,EAAE,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;IAE7E,OAAO,CACL,oBAAC,aAAa;QACZ,oBAAC,YAAY,IACX,OAAO,EAAE,IAAI,mBAAmB,EAAE,EAClC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW;YAExB,oBAAC,gBAAgB,IACf,KAAK,EAAE,IAAI,EACX,SAAS,EAAE,SAAS,EACpB,kBAAkB,EAAE,IAAI,GACxB;YACD,SAAS,IAAI,CACZ,oBAAC,YAAY;gBACX,oBAAC,WAAW,OAAG,CACF,CAChB;YACA,QAAQ,CACI,CACD,CACjB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,6BAA6B,GAAG,CAAC,EACrC,QAAQ,EACR,GAAG,KAAK,EAC2B,EAAE,EAAE;IACvC,MAAM,SAAS,GAAG,KAAK,CAAC;IACxB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,aAAa,EAAE,CAAC;IAE1C,MAAM,OAAO,GAAG;QACd,aAAa,EAAE,CAAC,CAAC,IAAI;QACrB,OAAO;KACR,CAAC;IAEF,OAAO,CACL,oBAAC,eAAe,IAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;QAClD,oBAAC,kCAAkC,OAAK,KAAK,EAAE,SAAS,EAAE,SAAS,IAChE,QAAQ,CAC0B,CACrB,CACnB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,EAC7B,QAAQ,EACR,GAAG,KAAK,EACmB,EAAE,EAAE;IAC/B,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;IAC3C,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,iBAAiB,GAClB,GAAG,cAAc,CAAC;IACnB,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAS,EAAE,CAAC,CAAC;IAE3D,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YACjD,cAAc,CAAC,kBAAkB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;IAElC,OAAO,CACL,oBAAC,uBAAuB,IACtB,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,EACxB,iBAAiB,EAAE,iBAAiB,EACpC,KAAK,EAAE,KAAK,EAAE,KAAK,EACnB,YAAY,EAAE,YAAY,EAC1B,SAAS,EAAE,SAAS,EACpB,iBAAiB,EAAE,iBAAiB;QAEpC,oBAAC,cAAc,IAAC,UAAU,EAAE,KAAK,CAAC,UAAU;YAC1C,oBAAC,6BAA6B,OACxB,KAAK,EACT,cAAc,EAAE,cAAc,IAE7B,QAAQ,CACqB,CACjB,CACO,CAC3B,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAmC,CAAC","sourcesContent":["\"use client\";\n/*\n A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport React, { useCallback, useEffect, useState } from \"react\";\nimport {\n resolveAuthConfig,\n type AuthConfigWithDefaults,\n} from \"@/nextjs/config.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies.js\";\nimport { UserProvider } from \"@/shared/providers/UserProvider.js\";\nimport { useUserCookie } from \"@/nextjs/hooks/useUserCookie.js\";\nimport { CivicAuthConfigProvider } from \"@/shared/providers/CivicAuthConfigContext.js\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider.js\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider.js\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider.js\";\nimport { useSignIn } from \"@/shared/hooks/useSignIn.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport { IFrameAndLoading } from \"@/shared/components/IFrameAndLoading.js\";\nimport { BlockDisplay } from \"@/shared/components/BlockDisplay.js\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\nimport { useSession } from \"@/reactjs/index.js\";\nimport type { AuthProviderProps } from \"@/shared/providers/types.js\";\n\ntype CivicNextAuthTokenProviderInternalProps =\n NextCivicAuthProviderInternalProps & {\n isLoading: boolean;\n };\ntype NextCivicAuthProviderInternalProps = Omit<\n AuthProviderProps,\n \"clientId\"\n> & {\n resolvedConfig: AuthConfigWithDefaults;\n};\ntype NextCivicAuthProviderProps = Omit<\n NextCivicAuthProviderInternalProps,\n \"clientId\" \| \"resolvedConfig\" \| \"redirectUrl\"\n>;\n\nconst CivicNextAuthTokenProviderInternal = ({\n children,\n isLoading,\n displayMode = \"iframe\",\n ...props\n}: CivicNextAuthTokenProviderInternalProps) => {\n const { iframeMode, resolvedConfig } = props;\n const { iframeRef } = useIframe();\n const civicAuthConfig = useCivicAuthConfig();\n const { challengeUrl } = resolvedConfig;\n const pkceConsumer = new ConfidentialClientPKCEConsumer(challengeUrl);\n const { data: session } = useSession();\n\n const { user } = useUserCookie();\n\n const postSignOut = useCallback(async () => {\n await props?.onSignOut?.();\n }, [props]);\n\n const { signIn, signOut } = useSignIn({\n postSignOut,\n pkceConsumer,\n displayMode,\n });\n\n useEffect(() => {\n if (\n iframeMode === \"embedded\" &&\n civicAuthConfig &&\n !session?.authenticated &&\n iframeRef?.current\n ) {\n signIn();\n }\n }, [iframeMode, civicAuthConfig, session?.authenticated, iframeRef, signIn]);\n\n return (\n <TokenProvider>\n <UserProvider\n storage={new NextjsClientStorage()}\n user={user}\n signOut={signOut}\n signIn={signIn}\n displayMode={displayMode}\n >\n <IFrameAndLoading\n error={null}\n isLoading={isLoading}\n showIframeOnLogout={true}\n />\n {isLoading && (\n <BlockDisplay>\n <LoadingIcon />\n </BlockDisplay>\n )}\n {children}\n </UserProvider>\n </TokenProvider>\n );\n};\n\nconst CivicNextAuthProviderInternal = ({\n children,\n ...props\n}: NextCivicAuthProviderInternalProps) => {\n const isLoading = false;\n const { user, idToken } = useUserCookie();\n\n const session = {\n authenticated: !!user,\n idToken,\n };\n\n return (\n <SessionProvider data={session} isLoading={isLoading}>\n <CivicNextAuthTokenProviderInternal {...props} isLoading={isLoading}>\n {children}\n </CivicNextAuthTokenProviderInternal>\n </SessionProvider>\n );\n};\n\nconst CivicNextAuthProvider = ({\n children,\n ...props\n}: NextCivicAuthProviderProps) => {\n const resolvedConfig = resolveAuthConfig();\n const {\n clientId,\n oauthServer,\n callbackUrl,\n challengeUrl,\n logoutUrl,\n logoutCallbackUrl,\n } = resolvedConfig;\n const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n\n useEffect(() => {\n if (typeof globalThis.window !== \"undefined\") {\n const appUrl = globalThis.window.location.origin;\n setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));\n }\n }, [callbackUrl, resolvedConfig]);\n\n return (\n <CivicAuthConfigProvider\n oauthServer={oauthServer}\n clientId={clientId}\n redirectUrl={redirectUrl}\n logoutRedirectUrl={logoutCallbackUrl}\n nonce={props?.nonce}\n challengeUrl={challengeUrl}\n logoutUrl={logoutUrl}\n logoutCallbackUrl={logoutCallbackUrl}\n >\n <IframeProvider iframeMode={props.iframeMode}>\n <CivicNextAuthProviderInternal\n {...props}\n resolvedConfig={resolvedConfig}\n >\n {children}\n </CivicNextAuthProviderInternal>\n </IframeProvider>\n </CivicAuthConfigProvider>\n );\n};\n\nexport { CivicNextAuthProvider, type NextCivicAuthProviderProps };\n"]}

package/dist/esm/nextjs/routeHandler.d.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import type { NextRequest } from "next/server.js";
 import { NextResponse } from "next/server.js";
 import type { AuthConfig } from "../nextjs/config.js";
-export declare function handleLogout(request: NextRequest, config: AuthConfig): Promise<NextResponse>;
+export declare function handleLogout(request: NextRequest, config: AuthConfig): Promise<string>;
+export declare function handleLogoutCallback(request: NextRequest, config: AuthConfig): Promise<NextResponse>;
 /**
  * Creates an authentication handler for Next.js API routes
  *

package/dist/esm/nextjs/routeHandler.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;~~AAwNrD~~,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,~~CA4BvB~~;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,OAAO,iCAEF,WAAW,KAAG,OAAO,CAAC,YAAY,~~CA8BjD~~,CAAC"}
1	+ {"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AA8QrD,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,MAAM,CAAC,CA6BjB;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CA+CvB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,OAAO,iCAEF,WAAW,KAAG,OAAO,CAAC,YAAY,CA0CjD,CAAC"}

package/dist/esm/nextjs/routeHandler.js CHANGED Viewed

@@ -9,8 +9,10 @@ import { getUser } from "../nextjs/GetUser.js";
 import { resolveCallbackUrl } from "../nextjs/utils.js";
 import { GenericUserSession } from "../shared/lib/UserSession.js";
 import { TOKEN_EXCHANGE_SUCCESS_TEXT, TOKEN_EXCHANGE_TRIGGER_TEXT, } from "../constants.js";
-import { serverTokenExchangeFromState } from "../lib/oauth.js";
-import { CodeVerifier } from "../shared/lib/types.js";
+import { displayModeFromState, serverTokenExchangeFromState, } from "../lib/oauth.js";
+import { CodeVerifier, OAuthTokens } from "../shared/lib/types.js";
+import { generateOauthLogoutUrl } from "../shared/lib/util.js";
+import { redirect } from "next/navigation.js";
 const logger = loggers.nextjs.handlers.auth;
 class AuthError extends Error {
     status;
@@ -20,6 +22,8 @@ class AuthError extends Error {
         this.name = "AuthError";
     }
 }
+const getAppUrl = (request) => request.cookies.get(CodeVerifier.APP_URL)?.value ||
+    request.nextUrl.searchParams.get("appUrl");
 /**
  * create a code verifier and challenge for PKCE
  * saving the verifier in a cookie for later use
@@ -57,18 +61,42 @@ async function performTokenExchangeAndSetCookies(request, config, code, state, a
     const userSession = new GenericUserSession(clientStorage);
     userSession.set(user);
 }
+const generateHtmlResponseWithCallback = (request, callbackUrl) => {
+    // we need to replace the URL with resolved config in case the server is hosted
+    // behind a reverse proxy or load balancer
+    const requestUrl = new URL(request.url);
+    const fetchUrl = `${callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainServerTokenExchange=true`;
+    return new NextResponse(`<html>
+         <body>
+             <span style="display:none">
+                 <script>
+                     window.onload = function () {
+                         const appUrl = globalThis.window?.location?.origin;
+                         fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {
+                             response.json().then((jsonResponse) => {
+                                 if (jsonResponse.redirectUrl) {
+                                     window.location.href = jsonResponse.redirectUrl;
+                                 }
+                             });
+                         });
+                     };
+                 </script>
+             </span>
+         </body>
+     </html>
+    `);
+};
 async function handleCallback(request, config) {
     const resolvedConfigs = resolveAuthConfig(config);
     console.log("handleCallback", { request, resolvedConfigs });
     const code = request.nextUrl.searchParams.get("code");
-    const state = request.nextUrl.searchParams.get("state") || "";
+    const state = request.nextUrl.searchParams.get("state");
     if (!code || !state)
         throw new AuthError("Bad parameters", 400);
     // appUrl is passed from the client to the server in the query string
     // this is necessary because the server does not have access to the client's window.location.origin
     // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)
-    const appUrl = request.cookies.get(CodeVerifier.APP_URL)?.value ||
-        request.nextUrl.searchParams.get("appUrl");
+    const appUrl = getAppUrl(request);
     // If we have a code_verifier cookie and the appUrl, we can do a token exchange.
     // Otherwise, just render an empty page.
     // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.
@@ -94,29 +122,9 @@ async function handleCallback(request, config) {
                 requestUrl: request.url,
                 configCallbackUrl: resolvedConfigs.callbackUrl,
             });
-            // we need to replace the URL with resolved config in case the server is hosted
-            // behind a reverse proxy or load balancer
-            const requestUrl = new URL(request.url);
-            const fetchUrl = `${resolvedConfigs.callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainServerTokenExchange=true`;
-            response = new NextResponse(`<html>
-            <body>
-                <span style="display:none">
-                    <script>
-                        window.onload = function () {
-                            const appUrl = globalThis.window?.location?.origin;
-                            fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {
-                                response.json().then((jsonResponse) => {
-                                    if (jsonResponse.redirectUrl) {
-                                        window.location.href = jsonResponse.redirectUrl;
-                                    }
-                                });
-                            });
-                        };
-                    </script>
-                </span>
-            </body>
-        </html>
-        `);
+            // generate a page that will callback to the same domain, allowing access
+            // to the code_verifier cookie and passing the appUrl.
+            response = generateHtmlResponseWithCallback(request, resolvedConfigs.callbackUrl);
         }
         response.headers.set("Content-Type", "text/html; charset=utf-8");
         console.log(`handleCallback no code_verifier found, returning ${TOKEN_EXCHANGE_TRIGGER_TEXT}`);
@@ -152,23 +160,88 @@ async function handleCallback(request, config) {
  * @returns
  */
 const getAbsoluteRedirectPath = (redirectPath, currentBasePath) => new URL(redirectPath, currentBasePath).href;
-export async function handleLogout(request, config) {
-    const resolvedConfigs = resolveAuthConfig(config);
-    const defaultRedirectPath = resolvedConfigs.loginUrl ?? "/";
-    const redirectTarget = new URL(request.url).searchParams.get("redirect") || defaultRedirectPath;
+const getPostLogoutRedirectUrl = (request, config) => {
+    const { loginUrl } = resolveAuthConfig(config);
+    const redirectTarget = loginUrl ?? "/";
+    // if the optional loginUrl is provided and it is an absolute URL,
+    // use it as the redirect target
     const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
-    const appUrl = request.nextUrl.searchParams.get("appUrl");
-    const finalRedirectUrl = isAbsoluteRedirect
-        ? redirectTarget
-        : getAbsoluteRedirectPath(redirectTarget, new URL(appUrl ?? request.url).origin);
-    const response = NextResponse.redirect(finalRedirectUrl);
-    await clearAuthCookies(config);
+    if (isAbsoluteRedirect) {
+        return redirectTarget;
+    }
+    // if loginUrl is not defined, the appUrl is passed from the client to the server
+    // in the query string or cookies. This is necessary because the server does not
+    // have access to the client's window.location and can not accurately determine
+    // the appUrl (specially if the app is behind a reverse proxy).
+    const appUrl = getAppUrl(request);
+    if (appUrl)
+        return getAbsoluteRedirectPath(redirectTarget, appUrl);
+    return null;
+};
+const revalidateUrlPath = async (url) => {
     try {
-        revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);
+        const path = new URL(url).pathname;
+        revalidatePath(path);
     }
     catch (error) {
         logger.warn("Failed to revalidate path after logout:", error);
     }
+};
+export async function handleLogout(request, config) {
+    console.log("handleLogout", { params: request.nextUrl.searchParams });
+    const resolvedConfigs = resolveAuthConfig(config);
+    // read the id_token from the cookies
+    const cookieStorage = new NextjsCookieStorage(resolvedConfigs.cookies?.tokens ?? {});
+    const idToken = await cookieStorage.get(OAuthTokens.ID_TOKEN);
+    // read the state from the query parameters
+    const state = request.nextUrl.searchParams.get("state");
+    if (!state || !idToken)
+        throw new AuthError("Bad parameters", 400);
+    const postLogoutUrl = new URL(resolvedConfigs.logoutCallbackUrl, getAppUrl(request) || request.url);
+    const logoutUrl = await generateOauthLogoutUrl({
+        clientId: resolvedConfigs.clientId,
+        idToken,
+        state,
+        redirectUrl: postLogoutUrl.href,
+        oauthServer: resolvedConfigs.oauthServer,
+    });
+    console.log("handleLogout: redirecting to ", logoutUrl);
+    return logoutUrl.href;
+}
+export async function handleLogoutCallback(request, config) {
+    const resolvedConfigs = resolveAuthConfig(config);
+    const state = request.nextUrl.searchParams.get("state") || "";
+    if (!state)
+        throw new AuthError("Bad parameters", 400);
+    const displayMode = displayModeFromState(state, "redirect");
+    console.log("handleLogout: clear auth cookies", { state, displayMode });
+    await clearAuthCookies(resolvedConfigs);
+    // handle logout for iframe display mode
+    if (displayMode === "iframe") {
+        return NextResponse.json({ status: "success" });
+    }
+    // handle logout for non-iframe display mode
+    let response;
+    const redirectUrl = getPostLogoutRedirectUrl(request, resolvedConfigs);
+    if (redirectUrl) {
+        console.log("handleLogout with redirect mode", { state, redirectUrl });
+        // this is comming from the fetch from the HTML page returned by this handler
+        if (request.url.includes("sameDomainServerTokenExchange=true")) {
+            console.log("handleCallback sameDomainServerTokenExchange = true, returnining redirectUrl", redirectUrl);
+            return NextResponse.json({
+                status: "success",
+                redirectUrl: redirectUrl,
+            });
+        }
+        // just redirect to the app url
+        response = NextResponse.redirect(`${redirectUrl}`);
+        revalidateUrlPath(redirectUrl);
+    }
+    else {
+        console.log("handleLogout no redirectUrl found", { state });
+        response = generateHtmlResponseWithCallback(request, resolvedConfigs.logoutCallbackUrl);
+        response.headers.set("Content-Type", "text/html; charset=utf-8");
+    }
     return response;
 }
 /**
@@ -185,6 +258,7 @@ export async function handleLogout(request, config) {
  */
 export const handler = (authConfig = {}) => async (request) => {
     const config = resolveAuthConfig(authConfig);
+    let redirectUrl = null;
     try {
         const pathname = request.nextUrl.pathname;
         const pathSegments = pathname.split("/");
@@ -195,7 +269,10 @@ export const handler = (authConfig = {}) => async (request) => {
             case "callback":
                 return await handleCallback(request, config);
             case "logout":
-                return await handleLogout(request, config);
+                redirectUrl = await handleLogout(request, config);
+                break;
+            case "logoutcallback":
+                return await handleLogoutCallback(request, config);
             default:
                 throw new AuthError(`Invalid auth route: ${pathname}`, 404);
         }
@@ -208,5 +285,11 @@ export const handler = (authConfig = {}) => async (request) => {
         clearAuthCookies(config);
         return response;
     }
+    // redirect on Nextjs must be called outside a try-catch block
+    // see https://nextjs.org/docs/app/api-reference/functions/redirect
+    if (redirectUrl)
+        redirect(redirectUrl);
+    // do nothing if no redirectUrl
+    return NextResponse.json({ status: "ok" });
 };
 //# sourceMappingURL=routeHandler.js.map