npm - @civic/auth - Versions diffs - 0.13.0 → 0.13.1-beta.1 - Mend

@civic/auth 0.13.0 → 0.13.1-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

package/CHANGELOG.md +4 -0
package/README.md +102 -1
package/dist/lib/analytics.d.ts.map +1 -1
package/dist/lib/jwt.d.ts.map +1 -1
package/dist/lib/logger.d.ts.map +1 -1
package/dist/lib/oauth.d.ts +12 -1
package/dist/lib/oauth.d.ts.map +1 -1
package/dist/lib/oauth.js +29 -1
package/dist/lib/oauth.js.map +1 -1
package/dist/lib/obj.d.ts.map +1 -1
package/dist/lib/postMessage.d.ts.map +1 -1
package/dist/lib/windowUtil.d.ts.map +1 -1
package/dist/nextjs/config.d.ts +2 -11
package/dist/nextjs/config.d.ts.map +1 -1
package/dist/nextjs/config.js.map +1 -1
package/dist/nextjs/cookies.d.ts.map +1 -1
package/dist/nextjs/cookies.js +11 -10
package/dist/nextjs/cookies.js.map +1 -1
package/dist/nextjs/hooks/useInitialAuthConfig.d.ts.map +1 -1
package/dist/nextjs/index.d.ts.map +1 -1
package/dist/nextjs/middleware.d.ts.map +1 -1
package/dist/nextjs/middleware.js +18 -3
package/dist/nextjs/middleware.js.map +1 -1
package/dist/nextjs/providers/NextAuthProviderClient.d.ts.map +1 -1
package/dist/nextjs/routeHandler.d.ts.map +1 -1
package/dist/nextjs/routeHandler.js +21 -92
package/dist/nextjs/routeHandler.js.map +1 -1
package/dist/nextjs/utils.d.ts +9 -3
package/dist/nextjs/utils.d.ts.map +1 -1
package/dist/nextjs/utils.js +20 -61
package/dist/nextjs/utils.js.map +1 -1
package/dist/react-router-7/routeHandler.d.ts.map +1 -1
package/dist/reactjs/components/ButtonContentOrLoader.d.ts.map +1 -1
package/dist/reactjs/components/SignInButton.d.ts.map +1 -1
package/dist/reactjs/components/SignOutButton.d.ts.map +1 -1
package/dist/reactjs/components/UserButton.d.ts.map +1 -1
package/dist/reactjs/components/utils.d.ts.map +1 -1
package/dist/reactjs/hooks/useToken.d.ts.map +1 -1
package/dist/reactjs/hooks/useUser.d.ts.map +1 -1
package/dist/reactjs/styles/colors.d.ts.map +1 -1
package/dist/server/config.d.ts +23 -0
package/dist/server/config.d.ts.map +1 -1
package/dist/server/config.js.map +1 -1
package/dist/server/session.d.ts +57 -0
package/dist/server/session.d.ts.map +1 -1
package/dist/server/session.js +222 -9
package/dist/server/session.js.map +1 -1
package/dist/shared/components/LoadingIcon.d.ts.map +1 -1
package/dist/shared/lib/cookieConfig.d.ts.map +1 -1
package/dist/shared/lib/cookieConfig.js +6 -1
package/dist/shared/lib/cookieConfig.js.map +1 -1
package/dist/shared/lib/iframeUtils.d.ts.map +1 -1
package/dist/shared/lib/session.d.ts.map +1 -1
package/dist/shared/lib/types.d.ts +5 -1
package/dist/shared/lib/types.d.ts.map +1 -1
package/dist/shared/lib/types.js +4 -0
package/dist/shared/lib/types.js.map +1 -1
package/dist/shared/lib/util.d.ts +38 -1
package/dist/shared/lib/util.d.ts.map +1 -1
package/dist/shared/lib/util.js +104 -0
package/dist/shared/lib/util.js.map +1 -1
package/dist/shared/version.d.ts +1 -1
package/dist/shared/version.d.ts.map +1 -1
package/dist/shared/version.js +1 -1
package/dist/shared/version.js.map +1 -1
package/dist/utils.d.ts.map +1 -1
package/dist/vanillajs/auth/handlers/MessageHandler.d.ts.map +1 -1
package/dist/vanillajs/utils/logger.d.ts.map +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+# 0.13.1 - Generalised server support for deep-linking
+- support deep-linking in all servers by setting a return_to cookie and propagating it via state through the OAuth flow
+- add `deepLinkHandling` configuration option for all server SDKs with three modes: `"fullUrl"`, `"queryParamsOnly"`, `"disabled"`
 # 0.13.0 - NextJS support for deep-linking
 - support NextJS deep-linking by setting a return_to cookie and propagating it via state through the OAuth flow
 - add `deepLinkHandling` configuration option with three modes: `"fullUrl"`, `"queryParamsOnly"`, `"disabled"`

package/README.md CHANGED Viewed

@@ -30,6 +30,7 @@
     - [Getting User Information on the Frontend](#getting-user-information-on-the-frontend-1)
     - [Getting User Information on the Backend](#getting-user-information-on-the-backend)
   - [Advanced Configuration](#advanced-configuration-1)
+    - [Deep Linking](#deep-linking)
 - [Server Integration](#server-integration)
   - [Client Secret Support](#client-secret-support)
   - [Using the CivicAuth Interface](#using-the-civicauth-interface)
@@ -37,6 +38,7 @@
     - [Framework Examples](#framework-examples)
       - [Express Example](#express-example)
     - [Available Methods](#available-methods)
+    - [Deep Linking for Server Frameworks](#deep-linking-for-server-frameworks)
     - [Server-Side Token Validation](#server-side-token-validation)
   - [Authentication Storage and State](#authentication-storage-and-state)
     - [Storage Entries](#storage-entries)
@@ -452,7 +454,36 @@ export default withCivicAuth(nextConfig) // your next config here
 Here are the available configuration options:
-<table><thead><tr><th width="133">Field</th><th width="100">Required</th><th width="171">Default</th><th>Example</th><th>Description</th></tr></thead><tbody><tr><td>clientId</td><td>Yes</td><td>-</td><td><code>2cc5633d-2c92-48da-86aa-449634f274b9</code></td><td>The key obtained on signup to <a href="https://auth.civic.com">auth.civic.com</a></td></tr><tr><td>callbackUrl</td><td>No</td><td>/api/auth/callback</td><td>/api/myroute/callback</td><td>The path to route the browser to after a succesful login. Set this value if you are hosting your civic auth API route somewhere other than the default recommended <a href="next.js.md#create-an-api-route">above</a>.</td></tr><tr><td>loginUrl</td><td>No</td><td>/</td><td>/admin</td><td>The path your user will be sent to if they access a resource that needs them to be logged in. If you have a dedicated login page, you can set it here.</td></tr><tr><td>logoutUrl</td><td>No</td><td>/</td><td>/goodbye</td><td>The path your user will be sent to after a successful log-out.</td></tr><tr><td>baseUrl</td><td>No</td><td>-</td><td>https://myapp.com</td><td>The public-facing base URL for apps deployed behind reverse proxies (e.g., Cloudfront + Vercel). When your app is behind a reverse proxy, the middleware may construct redirect URLs using internal origins instead of your public domain. Set this to ensure authentication redirects use the correct public URL.</td></tr><tr><td>autoRedirect</td><td>No</td><td>true</td><td>autoRedirect: false</td><td>When enabled, automatically uses the 'redirect' mode for authentication in browsers that don't support iframe-based authentication (e.g., Safari with passkeys). Instead of users performing authentication in an iframe, the current page will load the login page and they user will be redirected back upon succesfull login completion.</td></tr><tr><td>include</td><td>No</td><td>['/*']</td><td><p>[</p><p> '/admin/*', '/api/admin/*'</p><p>]</p></td><td>An array of path <a href="https://man7.org/linux/man-pages/man7/glob.7.html">globs</a> that require a user to be logged-in to access. If not set, will include all paths matched by your Next.js <a href="next.js.md#middleware">middleware</a>.</td></tr><tr><td>exclude</td><td>No</td><td>-</td><td>['public/home']</td><td>An array of path <a href="https://man7.org/linux/man-pages/man7/glob.7.html">globs</a> that are excluded from the Civic Auth <a href="next.js.md#middleware">middleware</a>. In some cases, it might be easier and safer to specify exceptions rather than keep an inclusion list up to date.</td></tr></tbody></table>
+<table><thead><tr><th width="133">Field</th><th width="100">Required</th><th width="171">Default</th><th>Example</th><th>Description</th></tr></thead><tbody><tr><td>clientId</td><td>Yes</td><td>-</td><td><code>2cc5633d-2c92-48da-86aa-449634f274b9</code></td><td>The key obtained on signup to <a href="https://auth.civic.com">auth.civic.com</a></td></tr><tr><td>callbackUrl</td><td>No</td><td>/api/auth/callback</td><td>/api/myroute/callback</td><td>The path to route the browser to after a succesful login. Set this value if you are hosting your civic auth API route somewhere other than the default recommended <a href="next.js.md#create-an-api-route">above</a>.</td></tr><tr><td>loginUrl</td><td>No</td><td>/</td><td>/admin</td><td>The path your user will be sent to if they access a resource that needs them to be logged in. If you have a dedicated login page, you can set it here.</td></tr><tr><td>logoutUrl</td><td>No</td><td>/</td><td>/goodbye</td><td>The path your user will be sent to after a successful log-out.</td></tr><tr><td>baseUrl</td><td>No</td><td>-</td><td>https://myapp.com</td><td>The public-facing base URL for apps deployed behind reverse proxies (e.g., Cloudfront + Vercel). When your app is behind a reverse proxy, the middleware may construct redirect URLs using internal origins instead of your public domain. Set this to ensure authentication redirects use the correct public URL.</td></tr><tr><td>autoRedirect</td><td>No</td><td>true</td><td>autoRedirect: false</td><td>When enabled, automatically uses the 'redirect' mode for authentication in browsers that don't support iframe-based authentication (e.g., Safari with passkeys). Instead of users performing authentication in an iframe, the current page will load the login page and they user will be redirected back upon succesfull login completion.</td></tr><tr><td>deepLinkConfig</td><td>No</td><td>"fullUrl"</td><td>"queryParamsOnly"</td><td>Controls how deep links are preserved during authentication. See <a href="#deep-linking">Deep Linking</a> below.</td></tr><tr><td>include</td><td>No</td><td>['/*']</td><td><p>[</p><p> '/admin/*', '/api/admin/*'</p><p>]</p></td><td>An array of path <a href="https://man7.org/linux/man-pages/man7/glob.7.html">globs</a> that require a user to be logged-in to access. If not set, will include all paths matched by your Next.js <a href="next.js.md#middleware">middleware</a>.</td></tr><tr><td>exclude</td><td>No</td><td>-</td><td>['public/home']</td><td>An array of path <a href="https://man7.org/linux/man-pages/man7/glob.7.html">globs</a> that are excluded from the Civic Auth <a href="next.js.md#middleware">middleware</a>. In some cases, it might be easier and safer to specify exceptions rather than keep an inclusion list up to date.</td></tr></tbody></table>
+### Deep Linking
+Deep linking allows users to be redirected back to their original destination (including query parameters) after completing authentication. This is useful when users access deep links like `/dashboard?tab=settings` while unauthenticated.
+**Configuration Options:**
+| Value | Description |
+|-------|-------------|
+| `"fullUrl"` (default) | Preserves the full URL including path and query parameters |
+| `"queryParamsOnly"` | Preserves only query parameters, redirects to root path |
+| `"disabled"` | Disables deep linking entirely |
+**Example:**
+```typescript
+const withCivicAuth = createCivicAuthPlugin({
+  clientId: 'YOUR CLIENT ID',
+  deepLinkConfig: 'fullUrl' // or 'queryParamsOnly' or 'disabled'
+});
+```
+**How it works:**
+1. User visits `/dashboard?tab=settings` (unauthenticated)
+2. Middleware stores the URL in a cookie and redirects to login
+3. After successful authentication, user is redirected back to `/dashboard?tab=settings`
+This is handled automatically by the Civic Auth middleware - no additional code required.
 # Server Integration
@@ -579,11 +610,81 @@ The CivicAuth interface provides the following methods:
 | `isLoggedIn()` | Checks if the user is currently logged in |
 | `buildLoginUrl(options?)` | Builds a login URL to redirect the user to |
 | `buildLogoutRedirectUrl(options?)` | Builds a logout URL to redirect the user to |
+| `handleDeepLinking(requestUrl, originUrl)` | Stores the current URL for post-login redirect |
+| `handleCallback()` | Handles OAuth callback and redirects to stored deep link |
 | `refreshTokens()` | Refreshes the current set of OIDC tokens |
 | `clearTokens()` | Clears all authentication tokens from storage |
 Each method is designed to be used in a server-side context and includes proper validation of tokens to ensure security.
+### Deep Linking for Server Frameworks
+Deep linking allows users to be redirected back to their original destination after completing authentication. For server frameworks (Express, Fastify, Hono, etc.), you can use the `handleDeepLinking` method to preserve deep links across the authentication flow.
+**Configuration:**
+When creating your CivicAuth instance, you can configure deep linking behavior:
+```typescript
+const config = {
+  clientId: 'YOUR_CLIENT_ID',
+  redirectUrl: 'http://yoursite.com/auth/callback',
+  // ... other config
+  deepLinkConfig: 'fullUrl' // or 'queryParamsOnly' or 'disabled'
+};
+```
+| Value | Description |
+|-------|-------------|
+| `"fullUrl"` (default) | Preserves the full URL including path and query parameters |
+| `"queryParamsOnly"` | Preserves only query parameters, redirects to root path |
+| `"disabled"` | Disables deep linking entirely |
+**Usage in Protected Routes:**
+Call `handleDeepLinking` before redirecting unauthenticated users to login:
+```typescript
+// Express example
+app.use(async (req, res, next) => {
+  if (!(await req.civicAuth.isLoggedIn())) {
+    // Set up deep linking before redirecting to login
+    const requestUrl = `${req.protocol}://${req.get("host")}${req.originalUrl}`;
+    const originUrl = `${req.protocol}://${req.get("host")}`;
+    await req.civicAuth.handleDeepLinking(requestUrl, originUrl);
+    const loginUrl = await req.civicAuth.buildLoginUrl();
+    return res.redirect(loginUrl.toString());
+  }
+  next();
+});
+```
+```typescript
+// Fastify example
+fastify.addHook('preHandler', async (request, reply) => {
+  if (!(await request.civicAuth.isLoggedIn())) {
+    const protocol = request.headers["x-forwarded-proto"] || request.protocol || "http";
+    const host = request.headers.host || "localhost";
+    const requestUrl = `${protocol}://${host}${request.url}`;
+    const originUrl = `${protocol}://${host}`;
+    await request.civicAuth.handleDeepLinking(requestUrl, originUrl);
+    const loginUrl = await request.civicAuth.buildLoginUrl();
+    return reply.redirect(loginUrl.toString());
+  }
+});
+```
+**How it works:**
+1. User visits `/dashboard?tab=settings` (unauthenticated)
+2. `handleDeepLinking()` stores the URL in a cookie
+3. `buildLoginUrl()` encodes the return URL into OAuth state
+4. After authentication, `handleCallback()` redirects to the original URL
 ### Server-Side Token Validation
 The CivicAuth interface automatically validates tokens for you when using `getUser()` or `getTokens()` methods, providing an extra layer of security for your server-side authentication logic.

package/dist/lib/analytics.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"analytics.d.ts","sourceRoot":"","sources":["../../src/lib/analytics.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,aAAa,CAAC;CAC3B;AAED;;GAEG;AACH,eAAO,MAAM,SAAS,QAAO,MAAM,GAAG,SAKrC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,WAAW,QAAO,MAAM,GAAG,SAKvC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,SAKxC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,~~cACrB~~,MAAM,~~cACL~~,aAAa,KACxB,gBASF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,aAAa,~~SAClB~~,gBAAgB,~~mBACL~~,MAAM,KACtB,OAAO,CAAC,IAAI,CAmBd,CAAC;AAOF,eAAO,MAAM,0BAA0B,~~cAC1B~~,MAAM,~~mBACA~~,MAAM,~~cACX~~,aAAa,~~8BACE~~,~~OAAO~~,~~KACjC~~,OAAO,CAAC,IAAI,CAYd,CAAC"}
1	+ {"version":3,"file":"analytics.d.ts","sourceRoot":"","sources":["../../src/lib/analytics.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,aAAa,CAAC;CAC3B;AAED;;GAEG;AACH,eAAO,MAAM,SAAS,QAAO,MAAM,GAAG,SAKrC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,WAAW,QAAO,MAAM,GAAG,SAKvC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,YAAY,QAAO,MAAM,GAAG,SAKxC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAChC,WAAW,MAAM,EACjB,YAAY,aAAa,KACxB,gBASF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,aAAa,GACxB,MAAM,gBAAgB,EACtB,iBAAiB,MAAM,KACtB,OAAO,CAAC,IAAI,CAmBd,CAAC;AAOF,eAAO,MAAM,0BAA0B,GACrC,WAAW,MAAM,EACjB,iBAAiB,MAAM,EACvB,YAAY,aAAa,EACzB,4BAA2B,OAAc,KACxC,OAAO,CAAC,IAAI,CAYd,CAAC"}

package/dist/lib/jwt.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/lib/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEtE,eAAO,MAAM,2BAA2B,~~gBACzB~~,kBAAkB,KAC9B,eAUA,CAAC"}
1	+ {"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/lib/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEtE,eAAO,MAAM,2BAA2B,GACtC,aAAa,kBAAkB,KAC9B,eAUA,CAAC"}

package/dist/lib/logger.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/lib/logger.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACjD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;CAClD;AAsCD,eAAO,MAAM,YAAY,~~cAAe~~,MAAM,KAAG,MACrB,CAAC;AAG7B,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgCV,CAAC"}
1	+ {"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/lib/logger.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACjD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;CAClD;AAsCD,eAAO,MAAM,YAAY,GAAI,WAAW,MAAM,KAAG,MACrB,CAAC;AAG7B,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgCV,CAAC"}

package/dist/lib/oauth.d.ts CHANGED Viewed

@@ -27,5 +27,16 @@ declare const displayModeFromState: (state: string, sessionDisplayMode: DisplayM
 declare const serverTokenExchangeFromState: (state: string) => boolean | undefined;
 declare const loginSuccessUrlFromState: (state: string | null) => string | undefined;
 declare const iframeDisplayModeFromState: (state: string) => "modal" | "embedded" | undefined;
-export { serverTokenExchangeFromState, loginSuccessUrlFromState, getIssuerVariations, getOauthEndpoints, displayModeFromState, iframeDisplayModeFromState, generateState, addSlashIfNeeded, };
+/**
+ * Injects loginSuccessUrl into an existing base64-encoded state string, or creates
+ * a new state if none exists. This allows the deep link destination (computed by
+ * middleware) to be passed through the OAuth flow via the existing loginSuccessUrl
+ * mechanism.
+ *
+ * @param frontendState - The existing base64-encoded state string (can be null)
+ * @param loginSuccessUrl - The URL to inject into the state
+ * @returns The updated base64-encoded state string
+ */
+declare const injectLoginSuccessUrlIntoState: (frontendState: string | null, loginSuccessUrl: string) => string;
+export { serverTokenExchangeFromState, loginSuccessUrlFromState, getIssuerVariations, getOauthEndpoints, displayModeFromState, iframeDisplayModeFromState, generateState, addSlashIfNeeded, injectLoginSuccessUrlIntoState, };
 //# sourceMappingURL=oauth.d.ts.map

package/dist/lib/oauth.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/lib/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAET,aAAa,EACd,MAAM,YAAY,CAAC;AAGpB,QAAA,MAAM,mBAAmB,~~WAAY~~,MAAM,KAAG,MAAM,EAQnD,CAAC;AAEF,QAAA,MAAM,gBAAgB,~~QAAS~~,MAAM,KAAG,MACH,CAAC;AAGtC,QAAA,MAAM,iBAAiB,~~gBAAuB~~,MAAM,KAAG,OAAO,CAAC,SAAS,CAoBvE,CAAC;AAEF;;;;GAIG;AACH,KAAK,kBAAkB,GAAG;IACxB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,iBAAiB,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IACzC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC,CAAC;AACF,QAAA,MAAM,aAAa,~~2HAQhB~~,kBAAkB,KAAG,MAYvB,CAAC;AAEF;;;;;GAKG;AACH,QAAA,MAAM,oBAAoB,~~UACjB~~,MAAM,~~sBACO~~,WAAW,GAAG,SAAS,KAC1C,WAAW,GAAG,SAQhB,CAAC;AAsBF,QAAA,MAAM,4BAA4B,~~UAAW~~,MAAM,KAAG,OAAO,GAAG,SACvB,CAAC;AAE1C,QAAA,MAAM,wBAAwB,~~UAAW~~,MAAM,GAAG,IAAI,KAAG,MAAM,GAAG,SACT,CAAC;AAE1D,QAAA,MAAM,0BAA0B,~~UACvB~~,MAAM,KACZ,OAAO,GAAG,UAAU,GAAG,SAAkD,CAAC;AAE7E,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,EACxB,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAC1B,aAAa,EACb,gBAAgB,~~GACjB~~,CAAC"}
1	+ {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/lib/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EAET,aAAa,EACd,MAAM,YAAY,CAAC;AAGpB,QAAA,MAAM,mBAAmB,GAAI,QAAQ,MAAM,KAAG,MAAM,EAQnD,CAAC;AAEF,QAAA,MAAM,gBAAgB,GAAI,KAAK,MAAM,KAAG,MACH,CAAC;AAGtC,QAAA,MAAM,iBAAiB,GAAU,aAAa,MAAM,KAAG,OAAO,CAAC,SAAS,CAoBvE,CAAC;AAEF;;;;GAIG;AACH,KAAK,kBAAkB,GAAG;IACxB,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,iBAAiB,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IACzC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC,CAAC;AACF,QAAA,MAAM,aAAa,GAAI,wHAQpB,kBAAkB,KAAG,MAYvB,CAAC;AAEF;;;;;GAKG;AACH,QAAA,MAAM,oBAAoB,GACxB,OAAO,MAAM,EACb,oBAAoB,WAAW,GAAG,SAAS,KAC1C,WAAW,GAAG,SAQhB,CAAC;AAsBF,QAAA,MAAM,4BAA4B,GAAI,OAAO,MAAM,KAAG,OAAO,GAAG,SACvB,CAAC;AAE1C,QAAA,MAAM,wBAAwB,GAAI,OAAO,MAAM,GAAG,IAAI,KAAG,MAAM,GAAG,SACT,CAAC;AAE1D,QAAA,MAAM,0BAA0B,GAC9B,OAAO,MAAM,KACZ,OAAO,GAAG,UAAU,GAAG,SAAkD,CAAC;AAE7E;;;;;;;;;GASG;AACH,QAAA,MAAM,8BAA8B,GAClC,eAAe,MAAM,GAAG,IAAI,EAC5B,iBAAiB,MAAM,KACtB,MAqBF,CAAC;AAEF,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,EACxB,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAC1B,aAAa,EACb,gBAAgB,EAChB,8BAA8B,GAC/B,CAAC"}

package/dist/lib/oauth.js CHANGED Viewed

@@ -66,5 +66,33 @@ const decodeState = (state) => {
 const serverTokenExchangeFromState = (state) => decodeState(state)?.serverTokenExchange;
 const loginSuccessUrlFromState = (state) => state ? decodeState(state)?.loginSuccessUrl : undefined;
 const iframeDisplayModeFromState = (state) => decodeState(state)?.iframeDisplayMode;
-export { serverTokenExchangeFromState, loginSuccessUrlFromState, getIssuerVariations, getOauthEndpoints, displayModeFromState, iframeDisplayModeFromState, generateState, addSlashIfNeeded, };
+/**
+ * Injects loginSuccessUrl into an existing base64-encoded state string, or creates
+ * a new state if none exists. This allows the deep link destination (computed by
+ * middleware) to be passed through the OAuth flow via the existing loginSuccessUrl
+ * mechanism.
+ *
+ * @param frontendState - The existing base64-encoded state string (can be null)
+ * @param loginSuccessUrl - The URL to inject into the state
+ * @returns The updated base64-encoded state string
+ */
+const injectLoginSuccessUrlIntoState = (frontendState, loginSuccessUrl) => {
+    let stateObj = {};
+    if (frontendState) {
+        try {
+            // Decode the existing state
+            const jsonString = atob(frontendState);
+            stateObj = JSON.parse(jsonString);
+        }
+        catch {
+            // Continue with empty stateObj - we'll still add loginSuccessUrl
+            console.warn("[injectLoginSuccessUrlIntoState] Failed to parse existing state, creating new state");
+        }
+    }
+    // Set loginSuccessUrl in state (overrides any existing value for fullUrl mode)
+    stateObj.loginSuccessUrl = loginSuccessUrl;
+    // Encode and return the state
+    return btoa(JSON.stringify(stateObj));
+};
+export { serverTokenExchangeFromState, loginSuccessUrlFromState, getIssuerVariations, getOauthEndpoints, displayModeFromState, iframeDisplayModeFromState, generateState, addSlashIfNeeded, injectLoginSuccessUrlIntoState, };
 //# sourceMappingURL=oauth.js.map

package/dist/lib/oauth.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/lib/oauth.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,EAAE,IAAI,IAAI,EAAE,MAAM,MAAM,CAAC;AAElC,MAAM,mBAAmB,GAAG,CAAC,MAAc,EAAY,EAAE;IACvD,MAAM,kBAAkB,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC7C,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;QACpC,CAAC,CAAC,MAAM,CAAC;IAEX,MAAM,eAAe,GAAG,GAAG,kBAAkB,GAAG,CAAC;IAEjD,OAAO,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;AAC/C,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,GAAW,EAAU,EAAE,CAC/C,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAEtC,MAAM,KAAK,GAAiC,EAAE,CAAC;AAC/C,MAAM,iBAAiB,GAAG,KAAK,EAAE,WAAmB,EAAsB,EAAE;IAC1E,IAAI,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,oBAAoB,GAAG,MAAM,KAAK,CACtC,GAAG,gBAAgB,CAAC,WAAW,CAAC,kCAAkC,CACnE,CAAC;IACF,MAAM,YAAY,GAChB,CAAC,MAAM,oBAAoB,CAAC,IAAI,EAAE,CAAwB,CAAC;IAC7D,MAAM,SAAS,GAAc;QAC3B,IAAI,EAAE,YAAY,CAAC,QAAQ;QAC3B,IAAI,EAAE,YAAY,CAAC,sBAAsB;QACzC,KAAK,EAAE,YAAY,CAAC,cAAc;QAClC,QAAQ,EAAE,YAAY,CAAC,iBAAiB;QACxC,UAAU,EAAE,YAAY,CAAC,oBAAoB;KAC9C,CAAC;IAEF,KAAK,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;IAC/B,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAgBF,MAAM,aAAa,GAAG,CAAC,EACrB,WAAW,EACX,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,SAAS,EACT,UAAU,EACV,oBAAoB,GACD,EAAU,EAAE;IAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;QAChC,IAAI,EAAE,IAAI,EAAE;QACZ,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnD,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvD,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/C,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC1D,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC;AAC1B,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,oBAAoB,GAAG,CAC3B,KAAa,EACb,kBAA2C,EAClB,EAAE;IAC3B,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,WAAW,CAAC;IAC5C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QACnE,OAAO,kBAAkB,CAAC;IAC5B,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,WAAW,GAAG,CAClB,KAAa,EASD,EAAE;IACd,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;QAC9D,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,4BAA4B,GAAG,CAAC,KAAa,EAAuB,EAAE,CAC1E,WAAW,CAAC,KAAK,CAAC,EAAE,mBAAmB,CAAC;AAE1C,MAAM,wBAAwB,GAAG,CAAC,KAAoB,EAAsB,EAAE,CAC5E,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;AAE1D,MAAM,0BAA0B,GAAG,CACjC,KAAa,EACqB,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,iBAAiB,CAAC;AAE7E,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,EACxB,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAC1B,aAAa,EACb,gBAAgB,~~GACjB~~,CAAC","sourcesContent":["import type {\n DisplayMode,\n Endpoints,\n OpenIdConfiguration,\n FrameworkType,\n} from \"@/types.js\";\nimport { v4 as uuid } from \"uuid\";\n\nconst getIssuerVariations = (issuer: string): string[] => {\n const issuerWithoutSlash = issuer.endsWith(\"/\")\n ? issuer.slice(0, issuer.length - 1)\n : issuer;\n\n const issuerWithSlash = `${issuerWithoutSlash}/`;\n\n return [issuerWithoutSlash, issuerWithSlash];\n};\n\nconst addSlashIfNeeded = (url: string): string =>\n url.endsWith(\"/\") ? url : `${url}/`;\n\nconst cache: { [key: string]: Endpoints } = {};\nconst getOauthEndpoints = async (oauthServer: string): Promise<Endpoints> => {\n if (cache[oauthServer]) {\n return cache[oauthServer];\n }\n\n const openIdConfigResponse = await fetch(\n `${addSlashIfNeeded(oauthServer)}.well-known/openid-configuration`,\n );\n const openIdConfig =\n (await openIdConfigResponse.json()) as OpenIdConfiguration;\n const endpoints: Endpoints = {\n jwks: openIdConfig.jwks_uri,\n auth: openIdConfig.authorization_endpoint,\n token: openIdConfig.token_endpoint,\n userinfo: openIdConfig.userinfo_endpoint,\n endsession: openIdConfig.end_session_endpoint,\n };\n\n cache[oauthServer] = endpoints;\n return endpoints;\n};\n\n/*\n creates a state string for the OAuth2 flow, encoding the display mode too for future use\n * @param {DisplayMode} displayMode\n * @returns {string}\n /\ntype GenerateStateInput = {\n displayMode?: DisplayMode;\n iframeDisplayMode?: \"modal\" \| \"embedded\";\n serverTokenExchange?: boolean;\n loginSuccessUrl?: string;\n framework?: FrameworkType;\n sdkVersion?: string;\n previousSessionStale?: boolean;\n};\nconst generateState = ({\n displayMode,\n iframeDisplayMode,\n serverTokenExchange,\n loginSuccessUrl,\n framework,\n sdkVersion,\n previousSessionStale,\n}: GenerateStateInput): string => {\n const jsonString = JSON.stringify({\n uuid: uuid(),\n ...(displayMode ? { displayMode } : {}),\n ...(iframeDisplayMode ? { iframeDisplayMode } : {}),\n ...(serverTokenExchange ? { serverTokenExchange } : {}),\n ...(loginSuccessUrl ? { loginSuccessUrl } : {}),\n ...(framework ? { framework } : {}),\n ...(sdkVersion ? { sdkVersion } : {}),\n ...(previousSessionStale ? { previousSessionStale } : {}),\n });\n return btoa(jsonString);\n};\n\n/\n parses the state string from the OAuth2 flow, decoding the display mode too\n * @param state\n * @param sessionDisplayMode\n * @returns { uuid: string, displayMode: DisplayMode }\n */\nconst displayModeFromState = (\n state: string,\n sessionDisplayMode: DisplayMode \| undefined,\n): DisplayMode \| undefined => {\n try {\n const jsonString = atob(state);\n return JSON.parse(jsonString).displayMode;\n } catch (e) {\n console.error(\"Failed to parse displayMode from state:\", state, e);\n return sessionDisplayMode;\n }\n};\n\nconst decodeState = (\n state: string,\n):\n \| {\n serverTokenExchange?: boolean;\n loginSuccessUrl?: string;\n framework?: FrameworkType;\n sdkVersion?: string;\n iframeDisplayMode?: \"modal\" \| \"embedded\";\n }\n \| undefined => {\n try {\n const jsonString = atob(state);\n return JSON.parse(jsonString);\n } catch {\n console.error(\"Failed to parse state string to json:\", state);\n return undefined;\n }\n};\n\nconst serverTokenExchangeFromState = (state: string): boolean \| undefined =>\n decodeState(state)?.serverTokenExchange;\n\nconst loginSuccessUrlFromState = (state: string \| null): string \| undefined =>\n state ? decodeState(state)?.loginSuccessUrl : undefined;\n\nconst iframeDisplayModeFromState = (\n state: string,\n): \"modal\" \| \"embedded\" \| undefined => decodeState(state)?.iframeDisplayMode;\n\nexport {\n serverTokenExchangeFromState,\n loginSuccessUrlFromState,\n getIssuerVariations,\n getOauthEndpoints,\n displayModeFromState,\n iframeDisplayModeFromState,\n generateState,\n addSlashIfNeeded,\n};\n"]}
1	+ {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/lib/oauth.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,EAAE,IAAI,IAAI,EAAE,MAAM,MAAM,CAAC;AAElC,MAAM,mBAAmB,GAAG,CAAC,MAAc,EAAY,EAAE;IACvD,MAAM,kBAAkB,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC7C,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;QACpC,CAAC,CAAC,MAAM,CAAC;IAEX,MAAM,eAAe,GAAG,GAAG,kBAAkB,GAAG,CAAC;IAEjD,OAAO,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;AAC/C,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,GAAW,EAAU,EAAE,CAC/C,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;AAEtC,MAAM,KAAK,GAAiC,EAAE,CAAC;AAC/C,MAAM,iBAAiB,GAAG,KAAK,EAAE,WAAmB,EAAsB,EAAE;IAC1E,IAAI,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAED,MAAM,oBAAoB,GAAG,MAAM,KAAK,CACtC,GAAG,gBAAgB,CAAC,WAAW,CAAC,kCAAkC,CACnE,CAAC;IACF,MAAM,YAAY,GAChB,CAAC,MAAM,oBAAoB,CAAC,IAAI,EAAE,CAAwB,CAAC;IAC7D,MAAM,SAAS,GAAc;QAC3B,IAAI,EAAE,YAAY,CAAC,QAAQ;QAC3B,IAAI,EAAE,YAAY,CAAC,sBAAsB;QACzC,KAAK,EAAE,YAAY,CAAC,cAAc;QAClC,QAAQ,EAAE,YAAY,CAAC,iBAAiB;QACxC,UAAU,EAAE,YAAY,CAAC,oBAAoB;KAC9C,CAAC;IAEF,KAAK,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;IAC/B,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAgBF,MAAM,aAAa,GAAG,CAAC,EACrB,WAAW,EACX,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,SAAS,EACT,UAAU,EACV,oBAAoB,GACD,EAAU,EAAE;IAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;QAChC,IAAI,EAAE,IAAI,EAAE;QACZ,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnD,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvD,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/C,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC1D,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC;AAC1B,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,oBAAoB,GAAG,CAC3B,KAAa,EACb,kBAA2C,EAClB,EAAE;IAC3B,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,WAAW,CAAC;IAC5C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QACnE,OAAO,kBAAkB,CAAC;IAC5B,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,WAAW,GAAG,CAClB,KAAa,EASD,EAAE;IACd,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;QAC9D,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,4BAA4B,GAAG,CAAC,KAAa,EAAuB,EAAE,CAC1E,WAAW,CAAC,KAAK,CAAC,EAAE,mBAAmB,CAAC;AAE1C,MAAM,wBAAwB,GAAG,CAAC,KAAoB,EAAsB,EAAE,CAC5E,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;AAE1D,MAAM,0BAA0B,GAAG,CACjC,KAAa,EACqB,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,iBAAiB,CAAC;AAE7E;;;;;;;;;GASG;AACH,MAAM,8BAA8B,GAAG,CACrC,aAA4B,EAC5B,eAAuB,EACf,EAAE;IACV,IAAI,QAAQ,GAA4B,EAAE,CAAC;IAE3C,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,4BAA4B;YAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;YACvC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;YACjE,OAAO,CAAC,IAAI,CACV,qFAAqF,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,QAAQ,CAAC,eAAe,GAAG,eAAe,CAAC;IAE3C,8BAA8B;IAC9B,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;AACxC,CAAC,CAAC;AAEF,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,EACxB,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAC1B,aAAa,EACb,gBAAgB,EAChB,8BAA8B,GAC/B,CAAC","sourcesContent":["import type {\n DisplayMode,\n Endpoints,\n OpenIdConfiguration,\n FrameworkType,\n} from \"@/types.js\";\nimport { v4 as uuid } from \"uuid\";\n\nconst getIssuerVariations = (issuer: string): string[] => {\n const issuerWithoutSlash = issuer.endsWith(\"/\")\n ? issuer.slice(0, issuer.length - 1)\n : issuer;\n\n const issuerWithSlash = `${issuerWithoutSlash}/`;\n\n return [issuerWithoutSlash, issuerWithSlash];\n};\n\nconst addSlashIfNeeded = (url: string): string =>\n url.endsWith(\"/\") ? url : `${url}/`;\n\nconst cache: { [key: string]: Endpoints } = {};\nconst getOauthEndpoints = async (oauthServer: string): Promise<Endpoints> => {\n if (cache[oauthServer]) {\n return cache[oauthServer];\n }\n\n const openIdConfigResponse = await fetch(\n `${addSlashIfNeeded(oauthServer)}.well-known/openid-configuration`,\n );\n const openIdConfig =\n (await openIdConfigResponse.json()) as OpenIdConfiguration;\n const endpoints: Endpoints = {\n jwks: openIdConfig.jwks_uri,\n auth: openIdConfig.authorization_endpoint,\n token: openIdConfig.token_endpoint,\n userinfo: openIdConfig.userinfo_endpoint,\n endsession: openIdConfig.end_session_endpoint,\n };\n\n cache[oauthServer] = endpoints;\n return endpoints;\n};\n\n/*\n creates a state string for the OAuth2 flow, encoding the display mode too for future use\n * @param {DisplayMode} displayMode\n * @returns {string}\n /\ntype GenerateStateInput = {\n displayMode?: DisplayMode;\n iframeDisplayMode?: \"modal\" \| \"embedded\";\n serverTokenExchange?: boolean;\n loginSuccessUrl?: string;\n framework?: FrameworkType;\n sdkVersion?: string;\n previousSessionStale?: boolean;\n};\nconst generateState = ({\n displayMode,\n iframeDisplayMode,\n serverTokenExchange,\n loginSuccessUrl,\n framework,\n sdkVersion,\n previousSessionStale,\n}: GenerateStateInput): string => {\n const jsonString = JSON.stringify({\n uuid: uuid(),\n ...(displayMode ? { displayMode } : {}),\n ...(iframeDisplayMode ? { iframeDisplayMode } : {}),\n ...(serverTokenExchange ? { serverTokenExchange } : {}),\n ...(loginSuccessUrl ? { loginSuccessUrl } : {}),\n ...(framework ? { framework } : {}),\n ...(sdkVersion ? { sdkVersion } : {}),\n ...(previousSessionStale ? { previousSessionStale } : {}),\n });\n return btoa(jsonString);\n};\n\n/\n parses the state string from the OAuth2 flow, decoding the display mode too\n * @param state\n * @param sessionDisplayMode\n * @returns { uuid: string, displayMode: DisplayMode }\n /\nconst displayModeFromState = (\n state: string,\n sessionDisplayMode: DisplayMode \| undefined,\n): DisplayMode \| undefined => {\n try {\n const jsonString = atob(state);\n return JSON.parse(jsonString).displayMode;\n } catch (e) {\n console.error(\"Failed to parse displayMode from state:\", state, e);\n return sessionDisplayMode;\n }\n};\n\nconst decodeState = (\n state: string,\n):\n \| {\n serverTokenExchange?: boolean;\n loginSuccessUrl?: string;\n framework?: FrameworkType;\n sdkVersion?: string;\n iframeDisplayMode?: \"modal\" \| \"embedded\";\n }\n \| undefined => {\n try {\n const jsonString = atob(state);\n return JSON.parse(jsonString);\n } catch {\n console.error(\"Failed to parse state string to json:\", state);\n return undefined;\n }\n};\n\nconst serverTokenExchangeFromState = (state: string): boolean \| undefined =>\n decodeState(state)?.serverTokenExchange;\n\nconst loginSuccessUrlFromState = (state: string \| null): string \| undefined =>\n state ? decodeState(state)?.loginSuccessUrl : undefined;\n\nconst iframeDisplayModeFromState = (\n state: string,\n): \"modal\" \| \"embedded\" \| undefined => decodeState(state)?.iframeDisplayMode;\n\n/\n Injects loginSuccessUrl into an existing base64-encoded state string, or creates\n * a new state if none exists. This allows the deep link destination (computed by\n * middleware) to be passed through the OAuth flow via the existing loginSuccessUrl\n * mechanism.\n \n @param frontendState - The existing base64-encoded state string (can be null)\n * @param loginSuccessUrl - The URL to inject into the state\n * @returns The updated base64-encoded state string\n */\nconst injectLoginSuccessUrlIntoState = (\n frontendState: string \| null,\n loginSuccessUrl: string,\n): string => {\n let stateObj: Record<string, unknown> = {};\n\n if (frontendState) {\n try {\n // Decode the existing state\n const jsonString = atob(frontendState);\n stateObj = JSON.parse(jsonString);\n } catch {\n // Continue with empty stateObj - we'll still add loginSuccessUrl\n console.warn(\n \"[injectLoginSuccessUrlIntoState] Failed to parse existing state, creating new state\",\n );\n }\n }\n\n // Set loginSuccessUrl in state (overrides any existing value for fullUrl mode)\n stateObj.loginSuccessUrl = loginSuccessUrl;\n\n // Encode and return the state\n return btoa(JSON.stringify(stateObj));\n};\n\nexport {\n serverTokenExchangeFromState,\n loginSuccessUrlFromState,\n getIssuerVariations,\n getOauthEndpoints,\n displayModeFromState,\n iframeDisplayModeFromState,\n generateState,\n addSlashIfNeeded,\n injectLoginSuccessUrlIntoState,\n};\n"]}

package/dist/lib/obj.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"obj.d.ts","sourceRoot":"","sources":["../../src/lib/obj.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,eAAe,~~SACb~~,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,~~QAC1C~~,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,KAC/C,OAiBF,CAAC;AACF,OAAO,EAAE,eAAe,EAAE,CAAC"}
1	+ {"version":3,"file":"obj.d.ts","sourceRoot":"","sources":["../../src/lib/obj.ts"],"names":[],"mappings":"AAAA,QAAA,MAAM,eAAe,GACnB,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,EAChD,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,KAC/C,OAiBF,CAAC;AACF,OAAO,EAAE,eAAe,EAAE,CAAC"}

package/dist/lib/postMessage.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"postMessage.d.ts","sourceRoot":"","sources":["../../src/lib/postMessage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD,QAAA,MAAM,2BAA2B,~~UACxB~~,gBAAgB,~~YACb~~,MAAM,KACf,OAYF,CAAC;AAEF,OAAO,EAAE,2BAA2B,EAAE,CAAC"}
1	+ {"version":3,"file":"postMessage.d.ts","sourceRoot":"","sources":["../../src/lib/postMessage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEnD,QAAA,MAAM,2BAA2B,GAC/B,OAAO,gBAAgB,EACvB,UAAU,MAAM,KACf,OAYF,CAAC;AAEF,OAAO,EAAE,2BAA2B,EAAE,CAAC"}

package/dist/lib/windowUtil.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"windowUtil.d.ts","sourceRoot":"","sources":["../../src/lib/windowUtil.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB;CACF;AAED;;;;GAIG;AACH,QAAA,MAAM,gBAAgB,~~WAAY~~,MAAM,KAAG,OAuC1C,CAAC;AAEF,QAAA,MAAM,yBAAyB,~~mBAAoB~~,MAAM,EAAE,SAW1D,CAAC;AAEF,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,CAAC"}
1	+ {"version":3,"file":"windowUtil.d.ts","sourceRoot":"","sources":["../../src/lib/windowUtil.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB;CACF;AAED;;;;GAIG;AACH,QAAA,MAAM,gBAAgB,GAAI,QAAQ,MAAM,KAAG,OAuC1C,CAAC;AAEF,QAAA,MAAM,yBAAyB,GAAI,gBAAgB,MAAM,EAAE,SAW1D,CAAC;AAEF,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,CAAC"}

package/dist/nextjs/config.d.ts CHANGED Viewed

@@ -1,18 +1,9 @@
 import type { NextConfig } from "next";
 import { type CookieConfig, type TokensCookieConfig } from "../shared/lib/types.js";
 import { type CookiesConfigObject } from "../shared/lib/cookieConfig.js";
+import type { DeepLinkHandling } from "../server/config.js";
 export type { CookiesConfigObject };
-/**
- * Controls how deep links (original URLs) are handled after authentication.
- *
- * - `"fullUrl"`: Redirect to the original URL the user tried to access.
- *   `loginSuccessUrl` is used as fallback only when no deep link exists.
- * - `"queryParamsOnly"`: Redirect to `loginSuccessUrl`, but merge query params from original URL.
- * - `"disabled"`: No deep link preservation. Always use `loginSuccessUrl`.
- *
- * @default "fullUrl"
- */
-export type DeepLinkHandling = "fullUrl" | "queryParamsOnly" | "disabled";
+export type { DeepLinkHandling } from "../server/config.js";
 export declare const systemUrlsConfig: {
     callbackUrl: {
         defaultPath: string;

package/dist/nextjs/config.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/nextjs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EAEL,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACxB,MAAM,uBAAuB,CAAC;AAI/B,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,8BAA8B,CAAC;~~AAGtC~~,YAAY,EAAE,mBAAmB,EAAE,CAAC;~~AAIpC;;;;;;;;;GASG;AACH~~,~~MAAM~~,~~MAAM~~,gBAAgB,~~GAAG~~,~~SAAS~~,~~GAAG~~,~~iBAAiB,GAAG,UAAU,~~CAAC;~~AAY1E~~,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAW5B,CAAC;AAsBF;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IAEpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;IAExB,eAAe,CAAC,EAAE,MAAM,CAAC;IAIzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;IAC9C;;;;OAIG;IACH,gBAAgB,EAAE,gBAAgB,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,OAAO,CACpC,sBAAsB,GACtB;IACE,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,YAAY,CAAC;KACrB,CAAC;CACH,CACJ,GAAG;IAGF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;IAC9C,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG,kBAAkB,GAAG;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,sBAAsB,EAAE,UAAU,CAuBtE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,iBAAiB,~~YACpB~~,OAAO,CAAC,UAAU,~~CAAC~~,~~KAC1B~~,sBAqGF,CAAC;AAkCF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,UAAU,CAAC,EAAE,UAAU,KAAK,UAAU,CAAC;AAErE,eAAO,MAAM,qBAAqB,~~eACpB~~,UAAU,KACrB,cAgDF,CAAC"}
1	+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/nextjs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EAEL,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACxB,MAAM,uBAAuB,CAAC;AAI/B,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAG3D,YAAY,EAAE,mBAAmB,EAAE,CAAC;AAEpC,YAAY,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAc3D,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAW5B,CAAC;AAsBF;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IAEpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;IAExB,eAAe,CAAC,EAAE,MAAM,CAAC;IAIzB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;IAC9C;;;;OAIG;IACH,gBAAgB,EAAE,gBAAgB,CAAC;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,OAAO,CACpC,sBAAsB,GACtB;IACE,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,YAAY,CAAC;KACrB,CAAC;CACH,CACJ,GAAG;IAGF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;IAC9C,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG,kBAAkB,GAAG;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,sBAAsB,EAAE,UAAU,CAuBtE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,iBAAiB,GAC5B,SAAQ,OAAO,CAAC,UAAU,CAAM,KAC/B,sBAqGF,CAAC;AAkCF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,UAAU,CAAC,EAAE,UAAU,KAAK,UAAU,CAAC;AAErE,eAAO,MAAM,qBAAqB,GAChC,YAAY,UAAU,KACrB,cAgDF,CAAC"}

package/dist/nextjs/config.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,cAAc,GAGf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,wBAAwB,GAEzB,MAAM,8BAA8B,CAAC;AAKtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAwB5C,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,WAAW,EAAE,EAAE,WAAW,EAAE,oBAAoB,EAAE,aAAa,EAAE,IAAI,EAAE;IACvE,YAAY,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE,aAAa,EAAE,IAAI,EAAE;IACzE,UAAU,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE,aAAa,EAAE,IAAI,EAAE;IACrE,SAAS,EAAE,EAAE,WAAW,EAAE,kBAAkB,EAAE,aAAa,EAAE,IAAI,EAAE;IACnE,YAAY,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,IAAI,EAAE;IACrE,OAAO,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE,aAAa,EAAE,IAAI,EAAE;IAC/D,eAAe,EAAE;QACf,WAAW,EAAE,wBAAwB;QACrC,aAAa,EAAE,IAAI;KACpB;CACF,CAAC;AACF,MAAM,UAAU,GAAmC;IACjD,GAAG,gBAAgB;IACnB,iBAAiB,EAAE;QACjB,WAAW,EAAE,EAAE;QACf,aAAa,EAAE,IAAI;QACnB,eAAe,EAAE,IAAI;KACtB;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,EAAE;QACf,aAAa,EAAE,IAAI;QACnB,eAAe,EAAE,IAAI;QACrB,UAAU,EAAE,IAAI;KACjB;IACD,eAAe,EAAE;QACf,WAAW,EAAE,EAAE;QACf,aAAa,EAAE,IAAI;QACnB,eAAe,EAAE,IAAI;QACrB,UAAU,EAAE,IAAI;KACjB;CACF,CAAC;AAoFF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,sBAAsB;IACtB,4DAA4D;IAC5D,GAAI,MAAM,CAAC,WAAW,CACpB,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;QACrD,GAAG;QACH,KAAK,CAAC,WAAW;KAClB,CAAC,CAGF;IACF,qBAAqB;IACrB,eAAe,EAAE,SAAS,EAAE,mDAAmD;IAC/E,QAAQ,EAAE,GAAG;IACb,iBAAiB,EAAE,GAAG;IACtB,OAAO,EAAE,CAAC,KAAK,CAAC;IAChB,OAAO,EAAE,CAAC,cAAc,CAAC;IACzB,QAAQ,EAAE,EAAE;IACZ,OAAO,EAAE,SAAS,EAAE,8DAA8D;IAClF,YAAY,EAAE,IAAI,EAAE,8BAA8B;IAClD,OAAO,EAAE,wBAAwB,EAAE;IACnC,gBAAgB,EAAE,iBAAiB,EAAE,sEAAsE;CAC5G,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAA8B,EAAE,EACR,EAAE;IAC1B,0EAA0E;IAC1E,kEAAkE;IAClE,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC;IAE1C,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;QAC1D,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B;QACpD,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B;QAC9D,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB;QAC/C,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACzC,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;QAC1D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,kBAAkB;YACzB,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB;gBACrC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;gBACnD,CAAC,CAAC,SAAS;QACf,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE;QACjD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACzC,YAAY,EACV,OAAO,CAAC,GAAG,CAAC,yBAAyB,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACvE,cAAc,EACZ,OAAO,CAAC,GAAG,CAAC,2BAA2B,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;QACvE,sBAAsB,EAAE,OAAO,CAAC,GAAG,CAAC,oCAAoC;QACxE,gBAAgB,EAAE,CAAC,CAAC,SAAS,EAAE,iBAAiB,EAAE,UAAU,CAAC,CAAC,QAAQ,CACpE,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,EAAE,CACjD;YACC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,8BAA8B;YAC5C,CAAC,CAAC,SAAS,CAAiC;KAC/C,CAAe,CAAC;IAEjB,2CAA2C;IAC3C,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;QAC3B,GAAG,iBAAiB,CAAC,OAAO;QAC5B,GAAG,CAAC,aAAa,CAAC,OAAO,IAAI,EAAE,CAAC;QAChC,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;KAC1B,CAAC,CAAC;IAEH,4DAA4D;IAC5D,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC;IAEvC,6CAA6C;IAC7C,MAAM,YAAY,GAAG,KAAK,CAAC,WAAW,CACpC,EAAE,WAAW,EAAE,KAAK,EAAE,EACtB,iBAAiB,EACjB,aAAa,EACb,MAAM,CACP,CAAC;IAEF,kDAAkD;IAClD,YAAY,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEhD,6EAA6E;IAC7E,mEAAmE;IACnE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;QACvE,YAAY,CAAC,OAAO,GAAG,wBAAwB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACzE,CAAC;IAED,4FAA4F;IAC5F,IAAI,eAAe,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QAC5C,YAAY,CAAC,OAAO,GAAG,KAAK,CAAC,WAAW,CACtC,EAAE,WAAW,EAAE,KAAK,EAAE,EACtB,YAAY,CAAC,OAAO,EACpB,eAAe,CAChB,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,MAAM,qBAAqB,GACzB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAC5D,IAAI,qBAAqB,EAAE,CAAC;QAC1B,IAAI,qBAAqB,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CACT,mGAAmG,CACpG,CAAC;QACJ,CAAC;QACD,IAAI,qBAAqB,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CACT,6FAA6F,CAC9F,CAAC;QACJ,CAAC;QACD,IAAI,qBAAqB,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC9C,MAAM,CAAC,IAAI,CACT,uGAAuG,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;GAEG;AACH,SAAS,mBAAmB,CAC1B,UAAsB,EACtB,QAAgB;IAEhB,MAAM,uBAAuB,GAA2B,EAAE,CAAC;IAE3D,IAAI,CAAC,QAAQ;QAAE,OAAO,uBAAuB,CAAC;IAE9C,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE;QACnD,uCAAuC;QACvC,MAAM,YAAY,GAAG,UAAU,CAAC,GAAuB,CAAC,CAAC;QACzD,IACE,YAAY,KAAK,SAAS;YAC1B,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,YAAY,KAAK,EAAE,CAAC,EAC3C,CAAC;YACD,OAAO;QACT,CAAC;QAED,uCAAuC;QACvC,MAAM,QAAQ,GAAG,MAAM,CAAC,eAAe;YACrC,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,GAAG,QAAQ,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QAEvC,uBAAuB,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,OAAO,uBAA8C,CAAC;AACxD,CAAC;AA0CD,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,UAAsB,EACN,EAAE;IAClB,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QAEF,uCAAuC;QACvC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC;QAE9D,yDAAyD;QACzD,MAAM,uBAAuB,GAAG,mBAAmB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAE1E,+DAA+D;QAC/D,MAAM,cAAc,GAAG,iBAAiB,CAAC;YACvC,GAAG,uBAAuB;YAC1B,GAAG,UAAU;YACb,QAAQ;SACT,CAAC,CAAC;QAEH,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,6BAA6B,EAAE,cAAc,CAAC,eAAe;gBAC7D,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,0BAA0B,EAAE,cAAc,CAAC,YAAY;gBACvD,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,+BAA+B,EAAE,cAAc,CAAC,iBAAiB;gBACjE,uBAAuB,EAAE,cAAc,CAAC,UAAU;gBAClD,oBAAoB,EAAE,cAAc,CAAC,OAAO;gBAC5C,6BAA6B,EAAE,cAAc,CAAC,eAAe;gBAC7D,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;gBACjE,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,oBAAoB,EAAE,cAAc,CAAC,OAAO;gBAC5C,yBAAyB,EAAE,cAAc,CAAC,YAAY,CAAC,QAAQ,EAAE;gBACjE,2BAA2B,EAAE,cAAc,CAAC,cAAc,EAAE,QAAQ,EAAE;gBACtE,8BAA8B,EAAE,cAAc,CAAC,gBAAgB;aAChE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars /\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n AuthFlowCookie,\n type CookieConfig,\n type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { merge } from \"ts-deepmerge\";\nimport { sanitizeBasePath } from \"./utils.js\";\nimport {\n createNextJSCookieConfig,\n type CookiesConfigObject,\n} from \"@/shared/lib/cookieConfig.js\";\n\n// Re-export the shared type for public API\nexport type { CookiesConfigObject };\n\nconst logger = loggers.nextjs.handlers.auth;\n\n/\n Controls how deep links (original URLs) are handled after authentication.\n \n - `\"fullUrl\"`: Redirect to the original URL the user tried to access.\n * `loginSuccessUrl` is used as fallback only when no deep link exists.\n * - `\"queryParamsOnly\"`: Redirect to `loginSuccessUrl`, but merge query params from original URL.\n * - `\"disabled\"`: No deep link preservation. Always use `loginSuccessUrl`.\n \n @default \"fullUrl\"\n /\nexport type DeepLinkHandling = \"fullUrl\" \| \"queryParamsOnly\" \| \"disabled\";\n\n/\n URL configuration mapping for applying basePath\n /\ntype UrlConfigEntry = {\n defaultPath: string;\n applyBasePath: boolean;\n useBasePathOnly?: boolean;\n checkEmpty?: boolean;\n};\n\nexport const systemUrlsConfig = {\n callbackUrl: { defaultPath: \"/api/auth/callback\", applyBasePath: true },\n challengeUrl: { defaultPath: \"/api/auth/challenge\", applyBasePath: true },\n refreshUrl: { defaultPath: \"/api/auth/refresh\", applyBasePath: true },\n logoutUrl: { defaultPath: \"/api/auth/logout\", applyBasePath: true },\n loginInitUrl: { defaultPath: \"/api/auth/login\", applyBasePath: true },\n userUrl: { defaultPath: \"/api/auth/user\", applyBasePath: true },\n clearSessionUrl: {\n defaultPath: \"/api/auth/clearsession\",\n applyBasePath: true,\n },\n};\nconst URL_CONFIG: Record<string, UrlConfigEntry> = {\n ...systemUrlsConfig,\n logoutCallbackUrl: {\n defaultPath: \"\",\n applyBasePath: true,\n useBasePathOnly: true,\n },\n loginUrl: {\n defaultPath: \"\",\n applyBasePath: true,\n useBasePathOnly: true,\n checkEmpty: true,\n },\n loginSuccessUrl: {\n defaultPath: \"\",\n applyBasePath: true,\n useBasePathOnly: true,\n checkEmpty: true,\n },\n};\n\n/\n Configuration values for Civic Auth.\n * Only clientId is required, all others are optional.\n /\nexport type AuthConfigWithDefaults = {\n clientId: string;\n oauthServer: string;\n // Internal API routes\n callbackUrl: string; // where Civic's internal OAuth callback is hosted\n loginInitUrl: string; // Internal auth route for initiating login flow (e.g., /api/auth/login)\n logoutUrl: string;\n challengeUrl: string;\n refreshUrl: string;\n userUrl: string;\n clearSessionUrl: string;\n // User-facing routes\n loginSuccessUrl?: string; // where the user should be sent after the entire login completes, including the token exchange\n // The path the user will be sent to if they access a resource that needs\n // them to be logged in. If there is a dedicated login page, it can be set here.\n // Note: This is NOT for internal auth routes - see loginInitUrl for that.\n loginUrl: string;\n logoutCallbackUrl: string;\n include: string[];\n exclude: string[];\n cookies: CookiesConfigObject;\n basePath?: string;\n baseUrl?: string; // Public domain for apps behind reverse proxies (e.g., \"https://myapp.com\")\n autoRedirect: boolean;\n disableRefresh?: boolean; // Disable automatic token refresh\n targetContainerElement?: HTMLElement \| string;\n /\n Controls how deep links (original URLs) are handled after authentication.\n * @see DeepLinkHandling\n * @default \"fullUrl\"\n /\n deepLinkHandling: DeepLinkHandling;\n};\n\n/\n All possible config values for Civic Auth\n /\nexport type OptionalAuthConfig = Partial<\n \| AuthConfigWithDefaults\n \| {\n cookies?: {\n tokens?: Partial<TokensCookieConfig>;\n user?: CookieConfig;\n };\n }\n> & {\n // Ensure TypeScript understands these properties are available\n // This doesn't change the public API, just helps TypeScript internally\n callbackUrl?: string; // where Civic's internal OAuth callback is hosted\n loginSuccessUrl?: string; // where the user should be sent after the entire login completes, including the token exchange\n loginUrl?: string;\n loginInitUrl?: string;\n logoutUrl?: string;\n logoutCallbackUrl?: string;\n challengeUrl?: string;\n refreshUrl?: string;\n userUrl?: string;\n clearSessionUrl?: string;\n include?: string[];\n exclude?: string[];\n basePath?: string;\n baseUrl?: string;\n oauthServer?: string;\n autoRedirect?: boolean;\n disableRefresh?: boolean;\n targetContainerElement?: HTMLElement \| string;\n deepLinkHandling?: DeepLinkHandling;\n};\n\n/\n Configuration values for Civic Auth.\n * Only clientId is required, all others are optional.\n /\nexport type AuthConfig = OptionalAuthConfig & {\n clientId: string;\n exclude?: string[];\n};\n\n/\n Default configuration values that will be used if not overridden\n /\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n oauthServer: DEFAULT_AUTH_SERVER,\n // Internal API routes\n // deconstruct systemUrls to set the keys and default values\n ...(Object.fromEntries(\n Object.entries(systemUrlsConfig).map(([key, value]) => [\n key,\n value.defaultPath,\n ]),\n ) as {\n [key in keyof typeof systemUrlsConfig]: string;\n }),\n // User-facing routes\n loginSuccessUrl: undefined, // By default, the user is sent to the redirect_url\n loginUrl: \"/\",\n logoutCallbackUrl: \"/\",\n include: [\"/\"],\n exclude: [\"/api/auth/\"],\n basePath: \"\",\n baseUrl: undefined, // No default - will use request.nextUrl.origin when undefined\n autoRedirect: true, // Default to current behavior\n cookies: createNextJSCookieConfig(),\n deepLinkHandling: \"queryParamsOnly\", // Default to preserving query params while respecting loginSuccessUrl\n};\n\n/\n Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n \n Config will be merged deeply, with arrays not merged, so that the\n * default include list (for example) [\"/\"] will not be added\n \n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * callbackUrl: '/custom/callback',\n * })\n * ```\n /\nexport const resolveAuthConfig = (\n config: Partial<AuthConfig> = {},\n): AuthConfigWithDefaults => {\n // Read configuration that was set by the plugin via environment variables\n // Don't load environment cookies if explicit cookies are provided\n const hasExplicitCookies = config.cookies;\n\n const configFromEnv = withoutUndefined({\n clientId: process.env._civic_auth_client_id,\n oauthServer: process.env._civic_oauth_server,\n callbackUrl: process.env._civic_auth_callback_url,\n loginSuccessUrl: process.env._civic_auth_login_success_url,\n challengeUrl: process.env._civic_auth_challenge_url,\n loginUrl: process.env._civic_auth_login_url,\n loginInitUrl: process.env._civic_auth_login_init_url,\n logoutUrl: process.env._civic_auth_logout_url,\n logoutCallbackUrl: process.env._civic_auth_logout_callback_url,\n refreshUrl: process.env._civic_auth_refresh_url,\n userUrl: process.env._civic_auth_user_url,\n clearSessionUrl: process.env._civic_auth_clear_session_url,\n include: process.env._civic_auth_includes?.split(\",\"),\n exclude: process.env._civic_auth_excludes?.split(\",\"),\n cookies: hasExplicitCookies\n ? undefined\n : process.env._civic_auth_cookie_config\n ? JSON.parse(process.env._civic_auth_cookie_config)\n : undefined,\n basePath: process.env._civic_auth_base_path \|\| \"\",\n baseUrl: process.env._civic_auth_base_url,\n autoRedirect:\n process.env._civic_auth_auto_redirect === \"false\" ? false : undefined,\n disableRefresh:\n process.env._civic_auth_disable_refresh === \"true\" ? true : undefined,\n targetContainerElement: process.env._civic_auth_target_container_element,\n deepLinkHandling: ([\"fullUrl\", \"queryParamsOnly\", \"disabled\"].includes(\n process.env._civic_auth_deep_link_handling \|\| \"\",\n )\n ? process.env._civic_auth_deep_link_handling\n : undefined) as DeepLinkHandling \| undefined,\n }) as AuthConfig;\n\n // Ensure \"/api/auth/\" is always excluded\n const finalExclude = new Set([\n ...defaultAuthConfig.exclude,\n ...(configFromEnv.exclude \|\| []),\n ...(config.exclude ?? []),\n ]);\n\n // Store explicit cookies config before merge to preserve it\n const explicitCookies = config.cookies;\n\n // Perform a deep merge of the configurations\n const mergedConfig = merge.withOptions(\n { mergeArrays: false },\n defaultAuthConfig,\n configFromEnv,\n config,\n );\n\n // Override the exclude list with the ensured list\n mergedConfig.exclude = Array.from(finalExclude);\n\n // Update cookie configuration with basePath if it wasn't explicitly provided\n // Only auto-configure if no explicit cookies are provided anywhere\n if (!config.cookies && !configFromEnv.cookies && mergedConfig.basePath) {\n mergedConfig.cookies = createNextJSCookieConfig(mergedConfig.basePath);\n }\n\n // Merge explicit cookies with merged config to preserve both explicit settings and defaults\n if (explicitCookies && mergedConfig.cookies) {\n mergedConfig.cookies = merge.withOptions(\n { mergeArrays: false },\n mergedConfig.cookies,\n explicitCookies,\n );\n }\n\n // Security warnings for insecure cookie configurations\n const returnUrlCookieConfig =\n mergedConfig.cookies?.tokens?.[AuthFlowCookie.RETURN_URL];\n if (returnUrlCookieConfig) {\n if (returnUrlCookieConfig.httpOnly === false) {\n logger.warn(\n \"SECURITY WARNING: RETURN_URL cookie httpOnly is disabled. This exposes the cookie to XSS attacks.\",\n );\n }\n if (returnUrlCookieConfig.secure === false) {\n logger.warn(\n \"SECURITY WARNING: RETURN_URL cookie secure is disabled. This allows cookie theft over HTTP.\",\n );\n }\n if (returnUrlCookieConfig.sameSite === \"none\") {\n logger.warn(\n \"SECURITY WARNING: RETURN_URL cookie sameSite is set to 'none'. This allows cross-site request access.\",\n );\n }\n }\n\n if (mergedConfig.clientId === undefined) {\n throw new Error(\"Civic Auth client ID is required\");\n }\n\n return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/\n Applies basePath to URLs based on URL_CONFIG rules\n /\nfunction applyBasePathToUrls(\n authConfig: AuthConfig,\n basePath: string,\n): Partial<AuthConfig> {\n const defaultUrlsWithBasePath: Record<string, string> = {};\n\n if (!basePath) return defaultUrlsWithBasePath;\n\n Object.entries(URL_CONFIG).forEach(([key, config]) => {\n // Skip if explicitly set in authConfig\n const currentValue = authConfig[key as keyof AuthConfig];\n if (\n currentValue !== undefined &&\n !(config.checkEmpty && currentValue === \"\")\n ) {\n return;\n }\n\n // Apply basePath based on config rules\n const urlValue = config.useBasePathOnly\n ? basePath\n : `${basePath}${config.defaultPath}`;\n\n defaultUrlsWithBasePath[key] = urlValue;\n });\n\n return defaultUrlsWithBasePath as Partial<AuthConfig>;\n}\n\n/\n Creates a Next.js plugin that handles auth configuration.\n \n This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here.\n \n The only required field is clientId.\n \n Notes:\n * - If you provide explicit URLs, they will be used exactly as provided.\n * - Default URLs will automatically include the basePath from your Next.js config.\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * });\n * ```\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * callbackUrl: '/custom/callback',\n * loginUrl: '/custom/login',\n * logoutUrl: '/custom/logout',\n * logoutCallbackUrl: '/custom/logoutcallback',\n * include: ['/protected/'],\n exclude: ['/public/']\n })\n * ```\n \n The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport type NextJSPluginFn = (nextConfig?: NextConfig) => NextConfig;\n\nexport const createCivicAuthPlugin = (\n authConfig: AuthConfig,\n): NextJSPluginFn => {\n return (nextConfig?: NextConfig) => {\n logger.debug(\n \"createCivicAuthPlugin nextConfig\",\n JSON.stringify(nextConfig, null, 2),\n );\n\n // Extract basePath from Next.js config\n const basePath = sanitizeBasePath(nextConfig?.basePath \|\| \"\");\n\n // Apply basePath to URLs using the configuration mapping\n const defaultUrlsWithBasePath = applyBasePathToUrls(authConfig, basePath);\n\n // Create final config with basePath and possibly modified URLs\n const resolvedConfig = resolveAuthConfig({\n ...defaultUrlsWithBasePath,\n ...authConfig,\n basePath,\n });\n\n return {\n ...nextConfig,\n env: {\n ...nextConfig?.env,\n // Internal environment variables - do not set these manually\n _civic_auth_client_id: resolvedConfig.clientId,\n _civic_oauth_server: resolvedConfig.oauthServer,\n _civic_auth_callback_url: resolvedConfig.callbackUrl,\n _civic_auth_login_success_url: resolvedConfig.loginSuccessUrl,\n _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n _civic_auth_login_url: resolvedConfig.loginUrl,\n _civic_auth_login_init_url: resolvedConfig.loginInitUrl,\n _civic_auth_logout_url: resolvedConfig.logoutUrl,\n _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,\n _civic_auth_refresh_url: resolvedConfig.refreshUrl,\n _civic_auth_user_url: resolvedConfig.userUrl,\n _civic_auth_clear_session_url: resolvedConfig.clearSessionUrl,\n _civic_auth_includes: resolvedConfig.include.join(\",\"),\n _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n _civic_auth_base_path: resolvedConfig.basePath,\n _civic_auth_base_url: resolvedConfig.baseUrl,\n _civic_auth_auto_redirect: resolvedConfig.autoRedirect.toString(),\n _civic_auth_disable_refresh: resolvedConfig.disableRefresh?.toString(),\n _civic_auth_deep_link_handling: resolvedConfig.deepLinkHandling,\n },\n };\n };\n};\n"]}
1	+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,cAAc,GAGf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,wBAAwB,GAEzB,MAAM,8BAA8B,CAAC;AAQtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAY5C,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,WAAW,EAAE,EAAE,WAAW,EAAE,oBAAoB,EAAE,aAAa,EAAE,IAAI,EAAE;IACvE,YAAY,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE,aAAa,EAAE,IAAI,EAAE;IACzE,UAAU,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE,aAAa,EAAE,IAAI,EAAE;IACrE,SAAS,EAAE,EAAE,WAAW,EAAE,kBAAkB,EAAE,aAAa,EAAE,IAAI,EAAE;IACnE,YAAY,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,IAAI,EAAE;IACrE,OAAO,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE,aAAa,EAAE,IAAI,EAAE;IAC/D,eAAe,EAAE;QACf,WAAW,EAAE,wBAAwB;QACrC,aAAa,EAAE,IAAI;KACpB;CACF,CAAC;AACF,MAAM,UAAU,GAAmC;IACjD,GAAG,gBAAgB;IACnB,iBAAiB,EAAE;QACjB,WAAW,EAAE,EAAE;QACf,aAAa,EAAE,IAAI;QACnB,eAAe,EAAE,IAAI;KACtB;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,EAAE;QACf,aAAa,EAAE,IAAI;QACnB,eAAe,EAAE,IAAI;QACrB,UAAU,EAAE,IAAI;KACjB;IACD,eAAe,EAAE;QACf,WAAW,EAAE,EAAE;QACf,aAAa,EAAE,IAAI;QACnB,eAAe,EAAE,IAAI;QACrB,UAAU,EAAE,IAAI;KACjB;CACF,CAAC;AAoFF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,sBAAsB;IACtB,4DAA4D;IAC5D,GAAI,MAAM,CAAC,WAAW,CACpB,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;QACrD,GAAG;QACH,KAAK,CAAC,WAAW;KAClB,CAAC,CAGF;IACF,qBAAqB;IACrB,eAAe,EAAE,SAAS,EAAE,mDAAmD;IAC/E,QAAQ,EAAE,GAAG;IACb,iBAAiB,EAAE,GAAG;IACtB,OAAO,EAAE,CAAC,KAAK,CAAC;IAChB,OAAO,EAAE,CAAC,cAAc,CAAC;IACzB,QAAQ,EAAE,EAAE;IACZ,OAAO,EAAE,SAAS,EAAE,8DAA8D;IAClF,YAAY,EAAE,IAAI,EAAE,8BAA8B;IAClD,OAAO,EAAE,wBAAwB,EAAE;IACnC,gBAAgB,EAAE,iBAAiB,EAAE,sEAAsE;CAC5G,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAA8B,EAAE,EACR,EAAE;IAC1B,0EAA0E;IAC1E,kEAAkE;IAClE,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC;IAE1C,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;QAC1D,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,0BAA0B;QACpD,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B;QAC9D,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB;QAC/C,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACzC,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;QAC1D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,kBAAkB;YACzB,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB;gBACrC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;gBACnD,CAAC,CAAC,SAAS;QACf,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE;QACjD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACzC,YAAY,EACV,OAAO,CAAC,GAAG,CAAC,yBAAyB,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACvE,cAAc,EACZ,OAAO,CAAC,GAAG,CAAC,2BAA2B,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;QACvE,sBAAsB,EAAE,OAAO,CAAC,GAAG,CAAC,oCAAoC;QACxE,gBAAgB,EAAE,CAAC,CAAC,SAAS,EAAE,iBAAiB,EAAE,UAAU,CAAC,CAAC,QAAQ,CACpE,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,EAAE,CACjD;YACC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,8BAA8B;YAC5C,CAAC,CAAC,SAAS,CAAiC;KAC/C,CAAe,CAAC;IAEjB,2CAA2C;IAC3C,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;QAC3B,GAAG,iBAAiB,CAAC,OAAO;QAC5B,GAAG,CAAC,aAAa,CAAC,OAAO,IAAI,EAAE,CAAC;QAChC,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;KAC1B,CAAC,CAAC;IAEH,4DAA4D;IAC5D,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC;IAEvC,6CAA6C;IAC7C,MAAM,YAAY,GAAG,KAAK,CAAC,WAAW,CACpC,EAAE,WAAW,EAAE,KAAK,EAAE,EACtB,iBAAiB,EACjB,aAAa,EACb,MAAM,CACP,CAAC;IAEF,kDAAkD;IAClD,YAAY,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEhD,6EAA6E;IAC7E,mEAAmE;IACnE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;QACvE,YAAY,CAAC,OAAO,GAAG,wBAAwB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACzE,CAAC;IAED,4FAA4F;IAC5F,IAAI,eAAe,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QAC5C,YAAY,CAAC,OAAO,GAAG,KAAK,CAAC,WAAW,CACtC,EAAE,WAAW,EAAE,KAAK,EAAE,EACtB,YAAY,CAAC,OAAO,EACpB,eAAe,CAChB,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,MAAM,qBAAqB,GACzB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAC5D,IAAI,qBAAqB,EAAE,CAAC;QAC1B,IAAI,qBAAqB,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CACT,mGAAmG,CACpG,CAAC;QACJ,CAAC;QACD,IAAI,qBAAqB,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CACT,6FAA6F,CAC9F,CAAC;QACJ,CAAC;QACD,IAAI,qBAAqB,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC9C,MAAM,CAAC,IAAI,CACT,uGAAuG,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;GAEG;AACH,SAAS,mBAAmB,CAC1B,UAAsB,EACtB,QAAgB;IAEhB,MAAM,uBAAuB,GAA2B,EAAE,CAAC;IAE3D,IAAI,CAAC,QAAQ;QAAE,OAAO,uBAAuB,CAAC;IAE9C,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE;QACnD,uCAAuC;QACvC,MAAM,YAAY,GAAG,UAAU,CAAC,GAAuB,CAAC,CAAC;QACzD,IACE,YAAY,KAAK,SAAS;YAC1B,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,YAAY,KAAK,EAAE,CAAC,EAC3C,CAAC;YACD,OAAO;QACT,CAAC;QAED,uCAAuC;QACvC,MAAM,QAAQ,GAAG,MAAM,CAAC,eAAe;YACrC,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,GAAG,QAAQ,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QAEvC,uBAAuB,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,OAAO,uBAA8C,CAAC;AACxD,CAAC;AA0CD,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,UAAsB,EACN,EAAE;IAClB,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QAEF,uCAAuC;QACvC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC;QAE9D,yDAAyD;QACzD,MAAM,uBAAuB,GAAG,mBAAmB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAE1E,+DAA+D;QAC/D,MAAM,cAAc,GAAG,iBAAiB,CAAC;YACvC,GAAG,uBAAuB;YAC1B,GAAG,UAAU;YACb,QAAQ;SACT,CAAC,CAAC;QAEH,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,6BAA6B,EAAE,cAAc,CAAC,eAAe;gBAC7D,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,0BAA0B,EAAE,cAAc,CAAC,YAAY;gBACvD,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,+BAA+B,EAAE,cAAc,CAAC,iBAAiB;gBACjE,uBAAuB,EAAE,cAAc,CAAC,UAAU;gBAClD,oBAAoB,EAAE,cAAc,CAAC,OAAO;gBAC5C,6BAA6B,EAAE,cAAc,CAAC,eAAe;gBAC7D,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;gBACjE,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,oBAAoB,EAAE,cAAc,CAAC,OAAO;gBAC5C,yBAAyB,EAAE,cAAc,CAAC,YAAY,CAAC,QAAQ,EAAE;gBACjE,2BAA2B,EAAE,cAAc,CAAC,cAAc,EAAE,QAAQ,EAAE;gBACtE,8BAA8B,EAAE,cAAc,CAAC,gBAAgB;aAChE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars /\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n AuthFlowCookie,\n type CookieConfig,\n type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { merge } from \"ts-deepmerge\";\nimport { sanitizeBasePath } from \"./utils.js\";\nimport {\n createNextJSCookieConfig,\n type CookiesConfigObject,\n} from \"@/shared/lib/cookieConfig.js\";\nimport type { DeepLinkHandling } from \"@/server/config.js\";\n\n// Re-export the shared type for public API\nexport type { CookiesConfigObject };\n// Re-export DeepLinkHandling for backward compatibility\nexport type { DeepLinkHandling } from \"@/server/config.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\n/\n URL configuration mapping for applying basePath\n /\ntype UrlConfigEntry = {\n defaultPath: string;\n applyBasePath: boolean;\n useBasePathOnly?: boolean;\n checkEmpty?: boolean;\n};\n\nexport const systemUrlsConfig = {\n callbackUrl: { defaultPath: \"/api/auth/callback\", applyBasePath: true },\n challengeUrl: { defaultPath: \"/api/auth/challenge\", applyBasePath: true },\n refreshUrl: { defaultPath: \"/api/auth/refresh\", applyBasePath: true },\n logoutUrl: { defaultPath: \"/api/auth/logout\", applyBasePath: true },\n loginInitUrl: { defaultPath: \"/api/auth/login\", applyBasePath: true },\n userUrl: { defaultPath: \"/api/auth/user\", applyBasePath: true },\n clearSessionUrl: {\n defaultPath: \"/api/auth/clearsession\",\n applyBasePath: true,\n },\n};\nconst URL_CONFIG: Record<string, UrlConfigEntry> = {\n ...systemUrlsConfig,\n logoutCallbackUrl: {\n defaultPath: \"\",\n applyBasePath: true,\n useBasePathOnly: true,\n },\n loginUrl: {\n defaultPath: \"\",\n applyBasePath: true,\n useBasePathOnly: true,\n checkEmpty: true,\n },\n loginSuccessUrl: {\n defaultPath: \"\",\n applyBasePath: true,\n useBasePathOnly: true,\n checkEmpty: true,\n },\n};\n\n/\n Configuration values for Civic Auth.\n * Only clientId is required, all others are optional.\n /\nexport type AuthConfigWithDefaults = {\n clientId: string;\n oauthServer: string;\n // Internal API routes\n callbackUrl: string; // where Civic's internal OAuth callback is hosted\n loginInitUrl: string; // Internal auth route for initiating login flow (e.g., /api/auth/login)\n logoutUrl: string;\n challengeUrl: string;\n refreshUrl: string;\n userUrl: string;\n clearSessionUrl: string;\n // User-facing routes\n loginSuccessUrl?: string; // where the user should be sent after the entire login completes, including the token exchange\n // The path the user will be sent to if they access a resource that needs\n // them to be logged in. If there is a dedicated login page, it can be set here.\n // Note: This is NOT for internal auth routes - see loginInitUrl for that.\n loginUrl: string;\n logoutCallbackUrl: string;\n include: string[];\n exclude: string[];\n cookies: CookiesConfigObject;\n basePath?: string;\n baseUrl?: string; // Public domain for apps behind reverse proxies (e.g., \"https://myapp.com\")\n autoRedirect: boolean;\n disableRefresh?: boolean; // Disable automatic token refresh\n targetContainerElement?: HTMLElement \| string;\n /\n Controls how deep links (original URLs) are handled after authentication.\n * @see DeepLinkHandling\n * @default \"fullUrl\"\n /\n deepLinkHandling: DeepLinkHandling;\n};\n\n/\n All possible config values for Civic Auth\n /\nexport type OptionalAuthConfig = Partial<\n \| AuthConfigWithDefaults\n \| {\n cookies?: {\n tokens?: Partial<TokensCookieConfig>;\n user?: CookieConfig;\n };\n }\n> & {\n // Ensure TypeScript understands these properties are available\n // This doesn't change the public API, just helps TypeScript internally\n callbackUrl?: string; // where Civic's internal OAuth callback is hosted\n loginSuccessUrl?: string; // where the user should be sent after the entire login completes, including the token exchange\n loginUrl?: string;\n loginInitUrl?: string;\n logoutUrl?: string;\n logoutCallbackUrl?: string;\n challengeUrl?: string;\n refreshUrl?: string;\n userUrl?: string;\n clearSessionUrl?: string;\n include?: string[];\n exclude?: string[];\n basePath?: string;\n baseUrl?: string;\n oauthServer?: string;\n autoRedirect?: boolean;\n disableRefresh?: boolean;\n targetContainerElement?: HTMLElement \| string;\n deepLinkHandling?: DeepLinkHandling;\n};\n\n/\n Configuration values for Civic Auth.\n * Only clientId is required, all others are optional.\n /\nexport type AuthConfig = OptionalAuthConfig & {\n clientId: string;\n exclude?: string[];\n};\n\n/\n Default configuration values that will be used if not overridden\n /\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n oauthServer: DEFAULT_AUTH_SERVER,\n // Internal API routes\n // deconstruct systemUrls to set the keys and default values\n ...(Object.fromEntries(\n Object.entries(systemUrlsConfig).map(([key, value]) => [\n key,\n value.defaultPath,\n ]),\n ) as {\n [key in keyof typeof systemUrlsConfig]: string;\n }),\n // User-facing routes\n loginSuccessUrl: undefined, // By default, the user is sent to the redirect_url\n loginUrl: \"/\",\n logoutCallbackUrl: \"/\",\n include: [\"/\"],\n exclude: [\"/api/auth/\"],\n basePath: \"\",\n baseUrl: undefined, // No default - will use request.nextUrl.origin when undefined\n autoRedirect: true, // Default to current behavior\n cookies: createNextJSCookieConfig(),\n deepLinkHandling: \"queryParamsOnly\", // Default to preserving query params while respecting loginSuccessUrl\n};\n\n/\n Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n \n Config will be merged deeply, with arrays not merged, so that the\n * default include list (for example) [\"/\"] will not be added\n \n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * callbackUrl: '/custom/callback',\n * })\n * ```\n /\nexport const resolveAuthConfig = (\n config: Partial<AuthConfig> = {},\n): AuthConfigWithDefaults => {\n // Read configuration that was set by the plugin via environment variables\n // Don't load environment cookies if explicit cookies are provided\n const hasExplicitCookies = config.cookies;\n\n const configFromEnv = withoutUndefined({\n clientId: process.env._civic_auth_client_id,\n oauthServer: process.env._civic_oauth_server,\n callbackUrl: process.env._civic_auth_callback_url,\n loginSuccessUrl: process.env._civic_auth_login_success_url,\n challengeUrl: process.env._civic_auth_challenge_url,\n loginUrl: process.env._civic_auth_login_url,\n loginInitUrl: process.env._civic_auth_login_init_url,\n logoutUrl: process.env._civic_auth_logout_url,\n logoutCallbackUrl: process.env._civic_auth_logout_callback_url,\n refreshUrl: process.env._civic_auth_refresh_url,\n userUrl: process.env._civic_auth_user_url,\n clearSessionUrl: process.env._civic_auth_clear_session_url,\n include: process.env._civic_auth_includes?.split(\",\"),\n exclude: process.env._civic_auth_excludes?.split(\",\"),\n cookies: hasExplicitCookies\n ? undefined\n : process.env._civic_auth_cookie_config\n ? JSON.parse(process.env._civic_auth_cookie_config)\n : undefined,\n basePath: process.env._civic_auth_base_path \|\| \"\",\n baseUrl: process.env._civic_auth_base_url,\n autoRedirect:\n process.env._civic_auth_auto_redirect === \"false\" ? false : undefined,\n disableRefresh:\n process.env._civic_auth_disable_refresh === \"true\" ? true : undefined,\n targetContainerElement: process.env._civic_auth_target_container_element,\n deepLinkHandling: ([\"fullUrl\", \"queryParamsOnly\", \"disabled\"].includes(\n process.env._civic_auth_deep_link_handling \|\| \"\",\n )\n ? process.env._civic_auth_deep_link_handling\n : undefined) as DeepLinkHandling \| undefined,\n }) as AuthConfig;\n\n // Ensure \"/api/auth/\" is always excluded\n const finalExclude = new Set([\n ...defaultAuthConfig.exclude,\n ...(configFromEnv.exclude \|\| []),\n ...(config.exclude ?? []),\n ]);\n\n // Store explicit cookies config before merge to preserve it\n const explicitCookies = config.cookies;\n\n // Perform a deep merge of the configurations\n const mergedConfig = merge.withOptions(\n { mergeArrays: false },\n defaultAuthConfig,\n configFromEnv,\n config,\n );\n\n // Override the exclude list with the ensured list\n mergedConfig.exclude = Array.from(finalExclude);\n\n // Update cookie configuration with basePath if it wasn't explicitly provided\n // Only auto-configure if no explicit cookies are provided anywhere\n if (!config.cookies && !configFromEnv.cookies && mergedConfig.basePath) {\n mergedConfig.cookies = createNextJSCookieConfig(mergedConfig.basePath);\n }\n\n // Merge explicit cookies with merged config to preserve both explicit settings and defaults\n if (explicitCookies && mergedConfig.cookies) {\n mergedConfig.cookies = merge.withOptions(\n { mergeArrays: false },\n mergedConfig.cookies,\n explicitCookies,\n );\n }\n\n // Security warnings for insecure cookie configurations\n const returnUrlCookieConfig =\n mergedConfig.cookies?.tokens?.[AuthFlowCookie.RETURN_URL];\n if (returnUrlCookieConfig) {\n if (returnUrlCookieConfig.httpOnly === false) {\n logger.warn(\n \"SECURITY WARNING: RETURN_URL cookie httpOnly is disabled. This exposes the cookie to XSS attacks.\",\n );\n }\n if (returnUrlCookieConfig.secure === false) {\n logger.warn(\n \"SECURITY WARNING: RETURN_URL cookie secure is disabled. This allows cookie theft over HTTP.\",\n );\n }\n if (returnUrlCookieConfig.sameSite === \"none\") {\n logger.warn(\n \"SECURITY WARNING: RETURN_URL cookie sameSite is set to 'none'. This allows cross-site request access.\",\n );\n }\n }\n\n if (mergedConfig.clientId === undefined) {\n throw new Error(\"Civic Auth client ID is required\");\n }\n\n return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/\n Applies basePath to URLs based on URL_CONFIG rules\n /\nfunction applyBasePathToUrls(\n authConfig: AuthConfig,\n basePath: string,\n): Partial<AuthConfig> {\n const defaultUrlsWithBasePath: Record<string, string> = {};\n\n if (!basePath) return defaultUrlsWithBasePath;\n\n Object.entries(URL_CONFIG).forEach(([key, config]) => {\n // Skip if explicitly set in authConfig\n const currentValue = authConfig[key as keyof AuthConfig];\n if (\n currentValue !== undefined &&\n !(config.checkEmpty && currentValue === \"\")\n ) {\n return;\n }\n\n // Apply basePath based on config rules\n const urlValue = config.useBasePathOnly\n ? basePath\n : `${basePath}${config.defaultPath}`;\n\n defaultUrlsWithBasePath[key] = urlValue;\n });\n\n return defaultUrlsWithBasePath as Partial<AuthConfig>;\n}\n\n/\n Creates a Next.js plugin that handles auth configuration.\n \n This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here.\n \n The only required field is clientId.\n \n Notes:\n * - If you provide explicit URLs, they will be used exactly as provided.\n * - Default URLs will automatically include the basePath from your Next.js config.\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * });\n * ```\n \n @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * callbackUrl: '/custom/callback',\n * loginUrl: '/custom/login',\n * logoutUrl: '/custom/logout',\n * logoutCallbackUrl: '/custom/logoutcallback',\n * include: ['/protected/'],\n exclude: ['/public/']\n })\n * ```\n \n The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport type NextJSPluginFn = (nextConfig?: NextConfig) => NextConfig;\n\nexport const createCivicAuthPlugin = (\n authConfig: AuthConfig,\n): NextJSPluginFn => {\n return (nextConfig?: NextConfig) => {\n logger.debug(\n \"createCivicAuthPlugin nextConfig\",\n JSON.stringify(nextConfig, null, 2),\n );\n\n // Extract basePath from Next.js config\n const basePath = sanitizeBasePath(nextConfig?.basePath \|\| \"\");\n\n // Apply basePath to URLs using the configuration mapping\n const defaultUrlsWithBasePath = applyBasePathToUrls(authConfig, basePath);\n\n // Create final config with basePath and possibly modified URLs\n const resolvedConfig = resolveAuthConfig({\n ...defaultUrlsWithBasePath,\n ...authConfig,\n basePath,\n });\n\n return {\n ...nextConfig,\n env: {\n ...nextConfig?.env,\n // Internal environment variables - do not set these manually\n _civic_auth_client_id: resolvedConfig.clientId,\n _civic_oauth_server: resolvedConfig.oauthServer,\n _civic_auth_callback_url: resolvedConfig.callbackUrl,\n _civic_auth_login_success_url: resolvedConfig.loginSuccessUrl,\n _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n _civic_auth_login_url: resolvedConfig.loginUrl,\n _civic_auth_login_init_url: resolvedConfig.loginInitUrl,\n _civic_auth_logout_url: resolvedConfig.logoutUrl,\n _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,\n _civic_auth_refresh_url: resolvedConfig.refreshUrl,\n _civic_auth_user_url: resolvedConfig.userUrl,\n _civic_auth_clear_session_url: resolvedConfig.clearSessionUrl,\n _civic_auth_includes: resolvedConfig.include.join(\",\"),\n _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n _civic_auth_base_path: resolvedConfig.basePath,\n _civic_auth_base_url: resolvedConfig.baseUrl,\n _civic_auth_auto_redirect: resolvedConfig.autoRedirect.toString(),\n _civic_auth_disable_refresh: resolvedConfig.disableRefresh?.toString(),\n _civic_auth_deep_link_handling: resolvedConfig.deepLinkHandling,\n },\n };\n };\n};\n"]}

package/dist/nextjs/cookies.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAGL,KAAK,YAAY,EAClB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAGxD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAqCjE;;GAEG;AACH,QAAA,MAAM,gBAAgB,~~YAAmB~~,OAAO,CAAC,sBAAsB,CAAC,kBAsBvE,CAAC;AAEF,cAAM,mBAAoB,SAAQ,aAAa;IAC1B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;gBAAhD,MAAM,GAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAM;IAOlE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAqBxC,GAAG,CACP,GAAG,EAAE,SAAS,EACd,KAAK,EAAE,MAAM,EACb,oBAAoB,GAAE,OAAO,CAAC,YAAY,CAAM,GAC/C,OAAO,CAAC,IAAI,CAAC;IAsBV,MAAM,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;~~CAgB5C~~;AAED,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,CAAC"}
1	+ {"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAGL,KAAK,YAAY,EAClB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAGxD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAqCjE;;GAEG;AACH,QAAA,MAAM,gBAAgB,GAAU,SAAS,OAAO,CAAC,sBAAsB,CAAC,kBAsBvE,CAAC;AAEF,cAAM,mBAAoB,SAAQ,aAAa;IAC1B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;gBAAhD,MAAM,GAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAM;IAOlE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAqBxC,GAAG,CACP,GAAG,EAAE,SAAS,EACd,KAAK,EAAE,MAAM,EACb,oBAAoB,GAAE,OAAO,CAAC,YAAY,CAAM,GAC/C,OAAO,CAAC,IAAI,CAAC;IAsBV,MAAM,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;CAmB5C;AAED,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,CAAC"}

package/dist/nextjs/cookies.js CHANGED Viewed

@@ -108,16 +108,17 @@ class NextjsCookieStorage extends CookieStorage {
         const cookieStore = await cookies();
         // Get cookie configuration for this key to respect the path setting
         const cookieSettings = this.config?.[key] || {};
-        // If we have a path configured, use it when deleting the cookie
-        if (cookieSettings.path) {
-            cookieStore.set(key, "", {
-                maxAge: 0, // Immediately expire the cookie
-                path: cookieSettings.path,
-            });
-        }
-        else {
-            cookieStore.delete(key);
-        }
+        // IMPORTANT: Use getCookieConfiguration to match the dynamic secure/sameSite
+        // values used when setting the cookie, otherwise the browser won't recognize
+        // it as the same cookie and won't delete it.
+        const request = await createRequestFromHeaders();
+        const dynamicConfig = getCookieConfiguration(request);
+        cookieStore.set(key, "", {
+            maxAge: 0, // Immediately expire the cookie
+            path: cookieSettings.path || "/",
+            secure: dynamicConfig.secure,
+            sameSite: dynamicConfig.sameSite,
+        });
     }
 }
 export { clearAuthCookies, NextjsCookieStorage };

package/dist/nextjs/cookies.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAGzE,OAAO,EACL,cAAc,EACd,WAAW,GAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,KAAK,OAAO,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9D;;GAEG;AACH,MAAM,wBAAwB,GAAG,KAAK,IAAkC,EAAE;IACxE,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,QAAQ,GACZ,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC;YACpC,WAAW,CAAC,GAAG,CAAC,sBAAsB,CAAC;YACvC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAE7D,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC;QAE5B,MAAM,GAAG,GAAG,GAAG,QAAQ,MAAM,IAAI,GAAG,CAAC;QAErC,2DAA2D;QAC3D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;YAC/B,OAAO,EAAE;gBACP,YAAY,EAAE,SAAS,IAAI,EAAE;gBAC7B,mBAAmB,EAAE,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE;gBAC/D,sBAAsB,EAAE,WAAW,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,EAAE;gBACrE,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE;aAC9C;SACF,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;QAC5D,iDAAiD;QACjD,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG,KAAK,EAAE,MAAwC,EAAE,EAAE;IAC1E,kEAAkE;IAClE,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;QAC5C,GAAG,MAAM,EAAE,OAAO,EAAE,MAAM;QAC1B,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI;KAC1C,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAE9C,iFAAiF;IACjF,6EAA6E;IAC7E,4EAA4E;IAC5E,MAAM,qBAAqB,GACzB,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,qBAAqB,EAAE,IAAI,IAAI,MAAM,EAAE,QAAQ,IAAI,GAAG,CAAC;IAC1E,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,UAAU,EAAE,EAAE,EAAE;QAC7C,MAAM,EAAE,CAAC,EAAE,gCAAgC;QAC3C,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,qBAAqB,EAAE,QAAQ,IAAI,IAAI;QACjD,MAAM,EAAE,qBAAqB,EAAE,MAAM,IAAI,IAAI;QAC7C,QAAQ,EAAE,qBAAqB,EAAE,QAAQ,IAAI,QAAQ;KACtD,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,mBAAoB,SAAQ,aAAa;IAC1B;IAAnB,YAAmB,SAAmD,EAAE;QACtE,KAAK,CAAC;YACJ,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAJc,WAAM,GAAN,MAAM,CAA+C;IAKxE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI,EAAE,CAAC;QAC7D,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,CAAC;QAE3C,iFAAiF;QACjF,mFAAmF;QACnF,IAAI,cAAc,IAAI,cAAc,KAAK,GAAG,EAAE,CAAC;YAC7C,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM,QAAQ,GAAG,0BAA0B,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;YAC/D,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,OAAO,WAAW,EAAE,KAAK,IAAI,IAAI,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAc,EACd,KAAa,EACb,uBAA8C,EAAE;QAEhD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI;YACxD,GAAG,IAAI,CAAC,QAAQ;SACjB,CAAC;QAEF,oEAAoE;QACpE,MAAM,OAAO,GAAG,MAAM,wBAAwB,EAAE,CAAC;QACjD,MAAM,aAAa,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAEtD,MAAM,iBAAiB,GAAG;YACxB,GAAG,cAAc;YACjB,GAAG,oBAAoB;YACvB,sDAAsD;YACtD,MAAM,EAAE,aAAa,CAAC,MAAM;YAC5B,QAAQ,EAAE,aAAa,CAAC,QAAQ;SACjC,CAAC;QAEF,2EAA2E;QAC3E,MAAM,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,iBAAiB,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAc;QACzB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QAEpC,oEAAoE;QACpE,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI,EAAE,CAAC;QAE7D,~~gEAAgE~~;~~QAChE~~,~~IAAI~~,~~cAAc~~,~~CAAC~~,~~IAAI~~,EAAE,CAAC;~~YACxB~~,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,EAAE;~~gBACvB~~,MAAM,EAAE,CAAC,EAAE,gCAAgC;~~gBAC3C~~,IAAI,EAAE,cAAc,CAAC,IAAI~~;aAC1B~~,~~CAAC~~,~~CAAC~~;~~QACL~~,~~CAAC;aAAM~~,~~CAAC;YACN~~,~~WAAW~~,CAAC,MAAM,~~CAAC~~,~~GAAG~~,CAAC,~~CAAC~~;~~QAC1B~~,CAAC;~~IACH~~,CAAC;CACF;AAED,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,CAAC","sourcesContent":["import { cookies, headers } from \"next/headers.js\";\nimport { extractCookieFromRawHeader } from \"@/shared/lib/cookieUtils.js\";\n\nimport type { KeySetter } from \"@/shared/lib/types.js\";\nimport {\n AuthFlowCookie,\n UserStorage,\n type CookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { CookieStorage } from \"@/shared/lib/storage.js\";\nimport * as session from \"@/shared/lib/session.js\";\nimport { getCookieConfiguration } from \"@/shared/lib/util.js\";\nimport type { AuthConfigWithDefaults } from \"@/nextjs/config.js\";\n\n/*\n Create a mock Request object from Next.js headers for cookie configuration\n /\nconst createRequestFromHeaders = async (): Promise<Request \| undefined> => {\n try {\n const headerStore = await headers();\n const host = headerStore.get(\"host\");\n const userAgent = headerStore.get(\"user-agent\");\n const protocol =\n headerStore.get(\"x-forwarded-proto\") \|\|\n headerStore.get(\"x-forwarded-protocol\") \|\|\n (process.env.NODE_ENV === \"production\" ? \"https\" : \"http\");\n\n if (!host) return undefined;\n\n const url = `${protocol}://${host}/`;\n\n // Create a minimal Request object with the headers we need\n const request = new Request(url, {\n headers: {\n \"user-agent\": userAgent \|\| \"\",\n \"x-forwarded-proto\": headerStore.get(\"x-forwarded-proto\") \|\| \"\",\n \"x-forwarded-protocol\": headerStore.get(\"x-forwarded-protocol\") \|\| \"\",\n forwarded: headerStore.get(\"forwarded\") \|\| \"\",\n },\n });\n\n return request;\n } catch (error) {\n console.error(\"Error creating request from headers\", error);\n // Headers might not be available in all contexts\n return undefined;\n }\n};\n\n/\n Clears all authentication cookies on server. Note, this can only be called by the server\n */\nconst clearAuthCookies = async (config?: Partial<AuthConfigWithDefaults>) => {\n // Use resolved config cookies if available, otherwise use default\n const cookieStorage = new NextjsCookieStorage({\n ...config?.cookies?.tokens,\n [UserStorage.USER]: config?.cookies?.user,\n });\n await session.clearAuthCookies(cookieStorage);\n\n // Also clear auth flow cookies (like returnUrl) that are not part of the session\n // This prevents stale deep-link cookies from being re-instated during logout\n // Use the same path fallback chain as handleCallback's clearReturnUrlCookie\n const returnUrlCookieConfig =\n config?.cookies?.tokens?.[AuthFlowCookie.RETURN_URL];\n const cookiePath = returnUrlCookieConfig?.path ?? config?.basePath ?? \"/\";\n const cookieStore = await cookies();\n cookieStore.set(AuthFlowCookie.RETURN_URL, \"\", {\n maxAge: 0, // Immediately expire the cookie\n path: cookiePath,\n httpOnly: returnUrlCookieConfig?.httpOnly ?? true,\n secure: returnUrlCookieConfig?.secure ?? true,\n sameSite: returnUrlCookieConfig?.sameSite ?? \"strict\",\n });\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n constructor(public config: Partial<Record<KeySetter, CookieConfig>> = {}) {\n super({\n secure: true,\n httpOnly: true,\n });\n }\n\n async get(key: string): Promise<string \| null> {\n const cookieStore = await cookies();\n const cookieSettings = this.config?.[key as KeySetter] \|\| {};\n const configuredPath = cookieSettings.path;\n\n // If we have a non-root basePath, use raw header parsing to get the first cookie\n // which should be from the most specific path, avoiding duplicate cookie conflicts\n if (configuredPath && configuredPath !== \"/\") {\n const headerStore = await headers();\n const cookieHeader = headerStore.get(\"cookie\");\n const rawValue = extractCookieFromRawHeader(cookieHeader, key);\n if (rawValue) {\n return rawValue;\n }\n }\n\n // Fallback to standard Next.js cookie store\n const cookieValue = cookieStore.get(key);\n return cookieValue?.value \|\| null;\n }\n\n async set(\n key: KeySetter,\n value: string,\n cookieConfigOverride: Partial<CookieConfig> = {},\n ): Promise<void> {\n const cookieStore = await cookies();\n const cookieSettings = this.config?.[key as KeySetter] \|\| {\n ...this.settings,\n };\n\n // Get dynamic cookie configuration based on environment and browser\n const request = await createRequestFromHeaders();\n const dynamicConfig = getCookieConfiguration(request);\n\n const useCookieSettings = {\n ...cookieSettings,\n ...cookieConfigOverride,\n // Apply dynamic configuration for secure and sameSite\n secure: dynamicConfig.secure,\n sameSite: dynamicConfig.sameSite,\n };\n\n // Respect the httpOnly setting from configuration instead of hardcoding it\n await cookieStore.set(key, value, useCookieSettings);\n }\n\n async delete(key: KeySetter): Promise<void> {\n const cookieStore = await cookies();\n\n // Get cookie configuration for this key to respect the path setting\n const cookieSettings = this.config?.[key as KeySetter] \|\| {};\n\n // If we ~~have~~ a ~~path~~ ~~configured,~~ ~~use~~ it when ~~deleting~~ the cookie\n if (~~cookieSettings.path~~) {\n cookieStore.set(key, \"\", {\n maxAge: 0, // Immediately expire the cookie\n path: cookieSettings.path,\n ~~});\n }~~ ~~else {\~~n ~~cookieStore~~.~~delete(key);\~~n }\n }\n}\n\nexport { clearAuthCookies, NextjsCookieStorage };\n"]}
1	+ {"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAGzE,OAAO,EACL,cAAc,EACd,WAAW,GAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,KAAK,OAAO,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAG9D;;GAEG;AACH,MAAM,wBAAwB,GAAG,KAAK,IAAkC,EAAE;IACxE,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,QAAQ,GACZ,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC;YACpC,WAAW,CAAC,GAAG,CAAC,sBAAsB,CAAC;YACvC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAE7D,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC;QAE5B,MAAM,GAAG,GAAG,GAAG,QAAQ,MAAM,IAAI,GAAG,CAAC;QAErC,2DAA2D;QAC3D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;YAC/B,OAAO,EAAE;gBACP,YAAY,EAAE,SAAS,IAAI,EAAE;gBAC7B,mBAAmB,EAAE,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE;gBAC/D,sBAAsB,EAAE,WAAW,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,EAAE;gBACrE,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE;aAC9C;SACF,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;QAC5D,iDAAiD;QACjD,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG,KAAK,EAAE,MAAwC,EAAE,EAAE;IAC1E,kEAAkE;IAClE,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC;QAC5C,GAAG,MAAM,EAAE,OAAO,EAAE,MAAM;QAC1B,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI;KAC1C,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAE9C,iFAAiF;IACjF,6EAA6E;IAC7E,4EAA4E;IAC5E,MAAM,qBAAqB,GACzB,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,qBAAqB,EAAE,IAAI,IAAI,MAAM,EAAE,QAAQ,IAAI,GAAG,CAAC;IAC1E,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,UAAU,EAAE,EAAE,EAAE;QAC7C,MAAM,EAAE,CAAC,EAAE,gCAAgC;QAC3C,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,qBAAqB,EAAE,QAAQ,IAAI,IAAI;QACjD,MAAM,EAAE,qBAAqB,EAAE,MAAM,IAAI,IAAI;QAC7C,QAAQ,EAAE,qBAAqB,EAAE,QAAQ,IAAI,QAAQ;KACtD,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,mBAAoB,SAAQ,aAAa;IAC1B;IAAnB,YAAmB,SAAmD,EAAE;QACtE,KAAK,CAAC;YACJ,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAJc,WAAM,GAAN,MAAM,CAA+C;IAKxE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI,EAAE,CAAC;QAC7D,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,CAAC;QAE3C,iFAAiF;QACjF,mFAAmF;QACnF,IAAI,cAAc,IAAI,cAAc,KAAK,GAAG,EAAE,CAAC;YAC7C,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM,QAAQ,GAAG,0BAA0B,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;YAC/D,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACzC,OAAO,WAAW,EAAE,KAAK,IAAI,IAAI,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAc,EACd,KAAa,EACb,uBAA8C,EAAE;QAEhD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI;YACxD,GAAG,IAAI,CAAC,QAAQ;SACjB,CAAC;QAEF,oEAAoE;QACpE,MAAM,OAAO,GAAG,MAAM,wBAAwB,EAAE,CAAC;QACjD,MAAM,aAAa,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAEtD,MAAM,iBAAiB,GAAG;YACxB,GAAG,cAAc;YACjB,GAAG,oBAAoB;YACvB,sDAAsD;YACtD,MAAM,EAAE,aAAa,CAAC,MAAM;YAC5B,QAAQ,EAAE,aAAa,CAAC,QAAQ;SACjC,CAAC;QAEF,2EAA2E;QAC3E,MAAM,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,iBAAiB,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAc;QACzB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QAEpC,oEAAoE;QACpE,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI,EAAE,CAAC;QAE7D,6EAA6E;QAC7E,6EAA6E;QAC7E,6CAA6C;QAC7C,MAAM,OAAO,GAAG,MAAM,wBAAwB,EAAE,CAAC;QACjD,MAAM,aAAa,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAEtD,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,EAAE;YACvB,MAAM,EAAE,CAAC,EAAE,gCAAgC;YAC3C,IAAI,EAAE,cAAc,CAAC,IAAI,IAAI,GAAG;YAChC,MAAM,EAAE,aAAa,CAAC,MAAM;YAC5B,QAAQ,EAAE,aAAa,CAAC,QAAQ;SACjC,CAAC,CAAC;IACL,CAAC;CACF;AAED,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,CAAC","sourcesContent":["import { cookies, headers } from \"next/headers.js\";\nimport { extractCookieFromRawHeader } from \"@/shared/lib/cookieUtils.js\";\n\nimport type { KeySetter } from \"@/shared/lib/types.js\";\nimport {\n AuthFlowCookie,\n UserStorage,\n type CookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { CookieStorage } from \"@/shared/lib/storage.js\";\nimport * as session from \"@/shared/lib/session.js\";\nimport { getCookieConfiguration } from \"@/shared/lib/util.js\";\nimport type { AuthConfigWithDefaults } from \"@/nextjs/config.js\";\n\n/*\n Create a mock Request object from Next.js headers for cookie configuration\n /\nconst createRequestFromHeaders = async (): Promise<Request \| undefined> => {\n try {\n const headerStore = await headers();\n const host = headerStore.get(\"host\");\n const userAgent = headerStore.get(\"user-agent\");\n const protocol =\n headerStore.get(\"x-forwarded-proto\") \|\|\n headerStore.get(\"x-forwarded-protocol\") \|\|\n (process.env.NODE_ENV === \"production\" ? \"https\" : \"http\");\n\n if (!host) return undefined;\n\n const url = `${protocol}://${host}/`;\n\n // Create a minimal Request object with the headers we need\n const request = new Request(url, {\n headers: {\n \"user-agent\": userAgent \|\| \"\",\n \"x-forwarded-proto\": headerStore.get(\"x-forwarded-proto\") \|\| \"\",\n \"x-forwarded-protocol\": headerStore.get(\"x-forwarded-protocol\") \|\| \"\",\n forwarded: headerStore.get(\"forwarded\") \|\| \"\",\n },\n });\n\n return request;\n } catch (error) {\n console.error(\"Error creating request from headers\", error);\n // Headers might not be available in all contexts\n return undefined;\n }\n};\n\n/\n Clears all authentication cookies on server. Note, this can only be called by the server\n */\nconst clearAuthCookies = async (config?: Partial<AuthConfigWithDefaults>) => {\n // Use resolved config cookies if available, otherwise use default\n const cookieStorage = new NextjsCookieStorage({\n ...config?.cookies?.tokens,\n [UserStorage.USER]: config?.cookies?.user,\n });\n await session.clearAuthCookies(cookieStorage);\n\n // Also clear auth flow cookies (like returnUrl) that are not part of the session\n // This prevents stale deep-link cookies from being re-instated during logout\n // Use the same path fallback chain as handleCallback's clearReturnUrlCookie\n const returnUrlCookieConfig =\n config?.cookies?.tokens?.[AuthFlowCookie.RETURN_URL];\n const cookiePath = returnUrlCookieConfig?.path ?? config?.basePath ?? \"/\";\n const cookieStore = await cookies();\n cookieStore.set(AuthFlowCookie.RETURN_URL, \"\", {\n maxAge: 0, // Immediately expire the cookie\n path: cookiePath,\n httpOnly: returnUrlCookieConfig?.httpOnly ?? true,\n secure: returnUrlCookieConfig?.secure ?? true,\n sameSite: returnUrlCookieConfig?.sameSite ?? \"strict\",\n });\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n constructor(public config: Partial<Record<KeySetter, CookieConfig>> = {}) {\n super({\n secure: true,\n httpOnly: true,\n });\n }\n\n async get(key: string): Promise<string \| null> {\n const cookieStore = await cookies();\n const cookieSettings = this.config?.[key as KeySetter] \|\| {};\n const configuredPath = cookieSettings.path;\n\n // If we have a non-root basePath, use raw header parsing to get the first cookie\n // which should be from the most specific path, avoiding duplicate cookie conflicts\n if (configuredPath && configuredPath !== \"/\") {\n const headerStore = await headers();\n const cookieHeader = headerStore.get(\"cookie\");\n const rawValue = extractCookieFromRawHeader(cookieHeader, key);\n if (rawValue) {\n return rawValue;\n }\n }\n\n // Fallback to standard Next.js cookie store\n const cookieValue = cookieStore.get(key);\n return cookieValue?.value \|\| null;\n }\n\n async set(\n key: KeySetter,\n value: string,\n cookieConfigOverride: Partial<CookieConfig> = {},\n ): Promise<void> {\n const cookieStore = await cookies();\n const cookieSettings = this.config?.[key as KeySetter] \|\| {\n ...this.settings,\n };\n\n // Get dynamic cookie configuration based on environment and browser\n const request = await createRequestFromHeaders();\n const dynamicConfig = getCookieConfiguration(request);\n\n const useCookieSettings = {\n ...cookieSettings,\n ...cookieConfigOverride,\n // Apply dynamic configuration for secure and sameSite\n secure: dynamicConfig.secure,\n sameSite: dynamicConfig.sameSite,\n };\n\n // Respect the httpOnly setting from configuration instead of hardcoding it\n await cookieStore.set(key, value, useCookieSettings);\n }\n\n async delete(key: KeySetter): Promise<void> {\n const cookieStore = await cookies();\n\n // Get cookie configuration for this key to respect the path setting\n const cookieSettings = this.config?.[key as KeySetter] \|\| {};\n\n // IMPORTANT: Use getCookieConfiguration to match the dynamic secure/sameSite\n // values used when setting the cookie, otherwise the browser won't recognize\n // it as the same cookie and won't delete it.\n const request = await createRequestFromHeaders();\n const dynamicConfig = getCookieConfiguration(request);\n\n cookieStore.set(key, \"\", {\n maxAge: 0, // Immediately expire the cookie\n path: cookieSettings.path \|\| \"/\",\n secure: dynamicConfig.secure,\n sameSite: dynamicConfig.sameSite,\n });\n }\n}\n\nexport { clearAuthCookies, NextjsCookieStorage };\n"]}

package/dist/nextjs/hooks/useInitialAuthConfig.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"useInitialAuthConfig.d.ts","sourceRoot":"","sources":["../../../src/nextjs/hooks/useInitialAuthConfig.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,KAAK,EACV,aAAa,EACb,oBAAoB,EACrB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAKnD,MAAM,WAAW,2BAA2B;IAC1C,WAAW,CAAC,EAAE,oBAAoB,CAAC;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACrD,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,6BAA6B;IAC5C,WAAW,CAAC,EAAE,oBAAoB,CAAC;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,~~aACtB~~,~~2BAA2B~~,~~KACnC~~;IACD,aAAa,EAAE,gBAAgB,CAAC;IAChC,yBAAyB,EAAE,CACzB,SAAS,CAAC,EAAE,6BAA6B,KACtC,gBAAgB,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;CAkKvB,CAAC"}
1	+ {"version":3,"file":"useInitialAuthConfig.d.ts","sourceRoot":"","sources":["../../../src/nextjs/hooks/useInitialAuthConfig.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,KAAK,EACV,aAAa,EACb,oBAAoB,EACrB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAKnD,MAAM,WAAW,2BAA2B;IAC1C,WAAW,CAAC,EAAE,oBAAoB,CAAC;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACrD,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,6BAA6B;IAC5C,WAAW,CAAC,EAAE,oBAAoB,CAAC;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,GAC/B,UAAS,2BAAgC,KACxC;IACD,aAAa,EAAE,gBAAgB,CAAC;IAChC,yBAAyB,EAAE,CACzB,SAAS,CAAC,EAAE,6BAA6B,KACtC,gBAAgB,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,OAAO,CAAC;CAkKvB,CAAC"}

package/dist/nextjs/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAWvD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAmB9E,eAAO,MAAM,UAAU,QAAa,OAAO,CAAC,OAAO,CAIlD,CAAC;AAEF,eAAO,MAAM,OAAO,GAClB,CAAC,SAAS,aAAa,~~qBACpB~~,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAK1B,CAAC;AAEF,eAAO,MAAM,SAAS,QAAa,OAAO,CAAC,WAAW,GAAG,IAAI,CAK5D,CAAC;AAEF,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,YAAY,EACV,UAAU,EACV,mBAAmB,EACnB,sBAAsB,EACtB,gBAAgB,EAChB,cAAc,GACf,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,IAAI,iBAAiB,EAC1C,KAAK,0BAA0B,IAAI,iBAAiB,GACrD,MAAM,wCAAwC,CAAC;AAGhD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAWvD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAmB9E,eAAO,MAAM,UAAU,QAAa,OAAO,CAAC,OAAO,CAIlD,CAAC;AAEF,eAAO,MAAM,OAAO,GAClB,CAAC,SAAS,aAAa,GAAG,WAAW,OAClC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAK1B,CAAC;AAEF,eAAO,MAAM,SAAS,QAAa,OAAO,CAAC,WAAW,GAAG,IAAI,CAK5D,CAAC;AAEF,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,YAAY,EACV,UAAU,EACV,mBAAmB,EACnB,sBAAsB,EACtB,gBAAgB,EAChB,cAAc,GACf,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,IAAI,iBAAiB,EAC1C,KAAK,0BAA0B,IAAI,iBAAiB,GACrD,MAAM,wCAAwC,CAAC;AAGhD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/nextjs/middleware.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,KAAK,EACV,sBAAsB,EACtB,kBAAkB,EACnB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;~~AAS9C~~,OAAO,EAAE,6BAA6B,EAAE,MAAM,YAAY,CAAC;~~AAK3D~~,KAAK,UAAU,GAAG,CAChB,OAAO,EAAE,WAAW,KACjB,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAE1C;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,~~2BACd~~,sBAAsB,~~WACrC~~,6BAA6B,KACrC,OAAO,CAAC,WAAW,CAgBrB,CAAC;~~AAkGF~~;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,~~gBACZ~~,~~kBAAkB~~,~~eACf~~,WAAW,KAAG,OAAO,CAAC,YAAY,CAOjD,CAAC;AAEJ;;;;;;;GAOG;AAEH,wBAAgB,QAAQ,CACtB,UAAU,EAAE,UAAU,GACrB,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAEjD;AAKD;;;;;;;;;;GAUG;AACH,wBAAgB,IAAI,CAAC,UAAU,GAAE,kBAAuB,~~gBAExC~~,UAAU,KACrB,CAAC,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC,CA2BrD"}
1	+ {"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,KAAK,EACV,sBAAsB,EACtB,kBAAkB,EACnB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAW9C,OAAO,EAAE,6BAA6B,EAAE,MAAM,YAAY,CAAC;AAM3D,KAAK,UAAU,GAAG,CAChB,OAAO,EAAE,WAAW,KACjB,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAE1C;;;;;;GAMG;AACH,eAAO,MAAM,2BAA2B,GACtC,wBAAwB,sBAAsB,EAC9C,SAAS,6BAA6B,KACrC,OAAO,CAAC,WAAW,CAgBrB,CAAC;AAuHF;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,GACxB,aAAY,kBAAuB,MAC7B,SAAS,WAAW,KAAG,OAAO,CAAC,YAAY,CAOjD,CAAC;AAEJ;;;;;;;GAOG;AAEH,wBAAgB,QAAQ,CACtB,UAAU,EAAE,UAAU,GACrB,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAEjD;AAKD;;;;;;;;;;GAUG;AACH,wBAAgB,IAAI,CAAC,UAAU,GAAE,kBAAuB,IAEpD,YAAY,UAAU,KACrB,CAAC,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC,CA2BrD"}