@civic/auth 0.2.4 → 0.2.5-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (524) hide show
  1. package/dist/cjs/nextjs/config.d.ts +26 -8
  2. package/dist/cjs/nextjs/config.d.ts.map +1 -1
  3. package/dist/cjs/nextjs/config.js +21 -3
  4. package/dist/cjs/nextjs/config.js.map +1 -1
  5. package/dist/cjs/nextjs/cookies.d.ts +9 -13
  6. package/dist/cjs/nextjs/cookies.d.ts.map +1 -1
  7. package/dist/cjs/nextjs/cookies.js +5 -28
  8. package/dist/cjs/nextjs/cookies.js.map +1 -1
  9. package/dist/cjs/nextjs/index.d.ts +2 -2
  10. package/dist/cjs/nextjs/index.d.ts.map +1 -1
  11. package/dist/cjs/nextjs/index.js +3 -4
  12. package/dist/cjs/nextjs/index.js.map +1 -1
  13. package/dist/cjs/nextjs/middleware.d.ts +3 -3
  14. package/dist/cjs/nextjs/middleware.d.ts.map +1 -1
  15. package/dist/cjs/nextjs/middleware.js.map +1 -1
  16. package/dist/cjs/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
  17. package/dist/cjs/nextjs/providers/NextAuthProvider.js +2 -2
  18. package/dist/cjs/nextjs/providers/NextAuthProvider.js.map +1 -1
  19. package/dist/cjs/nextjs/routeHandler.d.ts.map +1 -1
  20. package/dist/cjs/nextjs/routeHandler.js +16 -10
  21. package/dist/cjs/nextjs/routeHandler.js.map +1 -1
  22. package/dist/cjs/shared/index.d.ts +1 -0
  23. package/dist/cjs/shared/index.d.ts.map +1 -1
  24. package/dist/cjs/shared/index.js +3 -1
  25. package/dist/cjs/shared/index.js.map +1 -1
  26. package/dist/cjs/shared/lib/BrowserCookieStorage.d.ts +7 -0
  27. package/dist/cjs/shared/lib/BrowserCookieStorage.d.ts.map +1 -0
  28. package/dist/cjs/shared/lib/BrowserCookieStorage.js +55 -0
  29. package/dist/cjs/shared/lib/BrowserCookieStorage.js.map +1 -0
  30. package/dist/cjs/shared/version.d.ts +1 -1
  31. package/dist/cjs/shared/version.d.ts.map +1 -1
  32. package/dist/cjs/shared/version.js +1 -1
  33. package/dist/cjs/shared/version.js.map +1 -1
  34. package/dist/esm/nextjs/config.d.ts +26 -8
  35. package/dist/esm/nextjs/config.d.ts.map +1 -1
  36. package/dist/esm/nextjs/config.js +21 -3
  37. package/dist/esm/nextjs/config.js.map +1 -1
  38. package/dist/esm/nextjs/cookies.d.ts +9 -13
  39. package/dist/esm/nextjs/cookies.d.ts.map +1 -1
  40. package/dist/esm/nextjs/cookies.js +8 -29
  41. package/dist/esm/nextjs/cookies.js.map +1 -1
  42. package/dist/esm/nextjs/index.d.ts +2 -2
  43. package/dist/esm/nextjs/index.d.ts.map +1 -1
  44. package/dist/esm/nextjs/index.js +4 -4
  45. package/dist/esm/nextjs/index.js.map +1 -1
  46. package/dist/esm/nextjs/middleware.d.ts +3 -3
  47. package/dist/esm/nextjs/middleware.d.ts.map +1 -1
  48. package/dist/esm/nextjs/middleware.js.map +1 -1
  49. package/dist/esm/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
  50. package/dist/esm/nextjs/providers/NextAuthProvider.js +2 -2
  51. package/dist/esm/nextjs/providers/NextAuthProvider.js.map +1 -1
  52. package/dist/esm/nextjs/routeHandler.d.ts.map +1 -1
  53. package/dist/esm/nextjs/routeHandler.js +17 -11
  54. package/dist/esm/nextjs/routeHandler.js.map +1 -1
  55. package/dist/esm/shared/index.d.ts +1 -0
  56. package/dist/esm/shared/index.d.ts.map +1 -1
  57. package/dist/esm/shared/index.js +1 -0
  58. package/dist/esm/shared/index.js.map +1 -1
  59. package/dist/esm/shared/lib/BrowserCookieStorage.d.ts +7 -0
  60. package/dist/esm/shared/lib/BrowserCookieStorage.d.ts.map +1 -0
  61. package/dist/esm/shared/lib/BrowserCookieStorage.js +51 -0
  62. package/dist/esm/shared/lib/BrowserCookieStorage.js.map +1 -0
  63. package/dist/esm/shared/version.d.ts +1 -1
  64. package/dist/esm/shared/version.d.ts.map +1 -1
  65. package/dist/esm/shared/version.js +1 -1
  66. package/dist/esm/shared/version.js.map +1 -1
  67. package/dist/tsconfig.cjs.tsbuildinfo +1 -1
  68. package/dist/tsconfig.esm.tsbuildinfo +1 -1
  69. package/package.json +18 -19
  70. package/dist/generateVersion.d.ts +0 -2
  71. package/dist/generateVersion.d.ts.map +0 -1
  72. package/dist/generateVersion.js +0 -12
  73. package/dist/generateVersion.js.map +0 -1
  74. package/dist/package.json +0 -118
  75. package/dist/src/browser/storage.d.ts +0 -9
  76. package/dist/src/browser/storage.d.ts.map +0 -1
  77. package/dist/src/browser/storage.js +0 -17
  78. package/dist/src/browser/storage.js.map +0 -1
  79. package/dist/src/config.d.ts +0 -3
  80. package/dist/src/config.d.ts.map +0 -1
  81. package/dist/src/config.js +0 -5
  82. package/dist/src/config.js.map +0 -1
  83. package/dist/src/constants.d.ts +0 -8
  84. package/dist/src/constants.d.ts.map +0 -1
  85. package/dist/src/constants.js +0 -16
  86. package/dist/src/constants.js.map +0 -1
  87. package/dist/src/index.d.ts +0 -6
  88. package/dist/src/index.d.ts.map +0 -1
  89. package/dist/src/index.js +0 -4
  90. package/dist/src/index.js.map +0 -1
  91. package/dist/src/lib/cookies.d.ts +0 -7
  92. package/dist/src/lib/cookies.d.ts.map +0 -1
  93. package/dist/src/lib/cookies.js +0 -25
  94. package/dist/src/lib/cookies.js.map +0 -1
  95. package/dist/src/lib/jwt.d.ts +0 -3
  96. package/dist/src/lib/jwt.d.ts.map +0 -1
  97. package/dist/src/lib/jwt.js +0 -9
  98. package/dist/src/lib/jwt.js.map +0 -1
  99. package/dist/src/lib/logger.d.ts +0 -26
  100. package/dist/src/lib/logger.d.ts.map +0 -1
  101. package/dist/src/lib/logger.js +0 -55
  102. package/dist/src/lib/logger.js.map +0 -1
  103. package/dist/src/lib/oauth.d.ts +0 -19
  104. package/dist/src/lib/oauth.d.ts.map +0 -1
  105. package/dist/src/lib/oauth.js +0 -61
  106. package/dist/src/lib/oauth.js.map +0 -1
  107. package/dist/src/lib/obj.d.ts +0 -3
  108. package/dist/src/lib/obj.d.ts.map +0 -1
  109. package/dist/src/lib/obj.js +0 -18
  110. package/dist/src/lib/obj.js.map +0 -1
  111. package/dist/src/lib/postMessage.d.ts +0 -4
  112. package/dist/src/lib/postMessage.d.ts.map +0 -1
  113. package/dist/src/lib/postMessage.js +0 -15
  114. package/dist/src/lib/postMessage.js.map +0 -1
  115. package/dist/src/lib/windowUtil.d.ts +0 -4
  116. package/dist/src/lib/windowUtil.d.ts.map +0 -1
  117. package/dist/src/lib/windowUtil.js +0 -31
  118. package/dist/src/lib/windowUtil.js.map +0 -1
  119. package/dist/src/nextjs/GetUser.d.ts +0 -6
  120. package/dist/src/nextjs/GetUser.d.ts.map +0 -1
  121. package/dist/src/nextjs/GetUser.js +0 -7
  122. package/dist/src/nextjs/GetUser.js.map +0 -1
  123. package/dist/src/nextjs/config.d.ts +0 -181
  124. package/dist/src/nextjs/config.d.ts.map +0 -1
  125. package/dist/src/nextjs/config.js +0 -177
  126. package/dist/src/nextjs/config.js.map +0 -1
  127. package/dist/src/nextjs/cookies.d.ts +0 -30
  128. package/dist/src/nextjs/cookies.d.ts.map +0 -1
  129. package/dist/src/nextjs/cookies.js +0 -112
  130. package/dist/src/nextjs/cookies.js.map +0 -1
  131. package/dist/src/nextjs/hooks/index.d.ts +0 -2
  132. package/dist/src/nextjs/hooks/index.d.ts.map +0 -1
  133. package/dist/src/nextjs/hooks/index.js +0 -2
  134. package/dist/src/nextjs/hooks/index.js.map +0 -1
  135. package/dist/src/nextjs/hooks/usePrevious.d.ts +0 -2
  136. package/dist/src/nextjs/hooks/usePrevious.d.ts.map +0 -1
  137. package/dist/src/nextjs/hooks/usePrevious.js +0 -9
  138. package/dist/src/nextjs/hooks/usePrevious.js.map +0 -1
  139. package/dist/src/nextjs/hooks/useUserCookie.d.ts +0 -8
  140. package/dist/src/nextjs/hooks/useUserCookie.d.ts.map +0 -1
  141. package/dist/src/nextjs/hooks/useUserCookie.js +0 -88
  142. package/dist/src/nextjs/hooks/useUserCookie.js.map +0 -1
  143. package/dist/src/nextjs/index.d.ts +0 -7
  144. package/dist/src/nextjs/index.d.ts.map +0 -1
  145. package/dist/src/nextjs/index.js +0 -8
  146. package/dist/src/nextjs/index.js.map +0 -1
  147. package/dist/src/nextjs/middleware/index.d.ts +0 -2
  148. package/dist/src/nextjs/middleware/index.d.ts.map +0 -1
  149. package/dist/src/nextjs/middleware/index.js +0 -4
  150. package/dist/src/nextjs/middleware/index.js.map +0 -1
  151. package/dist/src/nextjs/middleware.d.ts +0 -59
  152. package/dist/src/nextjs/middleware.d.ts.map +0 -1
  153. package/dist/src/nextjs/middleware.js +0 -107
  154. package/dist/src/nextjs/middleware.js.map +0 -1
  155. package/dist/src/nextjs/providers/NextAuthProvider.d.ts +0 -13
  156. package/dist/src/nextjs/providers/NextAuthProvider.d.ts.map +0 -1
  157. package/dist/src/nextjs/providers/NextAuthProvider.js +0 -94
  158. package/dist/src/nextjs/providers/NextAuthProvider.js.map +0 -1
  159. package/dist/src/nextjs/routeHandler.d.ts +0 -19
  160. package/dist/src/nextjs/routeHandler.d.ts.map +0 -1
  161. package/dist/src/nextjs/routeHandler.js +0 -299
  162. package/dist/src/nextjs/routeHandler.js.map +0 -1
  163. package/dist/src/nextjs/utils.d.ts +0 -3
  164. package/dist/src/nextjs/utils.d.ts.map +0 -1
  165. package/dist/src/nextjs/utils.js +0 -5
  166. package/dist/src/nextjs/utils.js.map +0 -1
  167. package/dist/src/reactjs/components/SignInButton.d.ts +0 -8
  168. package/dist/src/reactjs/components/SignInButton.d.ts.map +0 -1
  169. package/dist/src/reactjs/components/SignInButton.js +0 -14
  170. package/dist/src/reactjs/components/SignInButton.js.map +0 -1
  171. package/dist/src/reactjs/components/SignOutButton.d.ts +0 -6
  172. package/dist/src/reactjs/components/SignOutButton.d.ts.map +0 -1
  173. package/dist/src/reactjs/components/SignOutButton.js +0 -14
  174. package/dist/src/reactjs/components/SignOutButton.js.map +0 -1
  175. package/dist/src/reactjs/components/UserButton.d.ts +0 -6
  176. package/dist/src/reactjs/components/UserButton.d.ts.map +0 -1
  177. package/dist/src/reactjs/components/UserButton.js +0 -118
  178. package/dist/src/reactjs/components/UserButton.js.map +0 -1
  179. package/dist/src/reactjs/components/index.d.ts +0 -6
  180. package/dist/src/reactjs/components/index.d.ts.map +0 -1
  181. package/dist/src/reactjs/components/index.js +0 -6
  182. package/dist/src/reactjs/components/index.js.map +0 -1
  183. package/dist/src/reactjs/hooks/index.d.ts +0 -6
  184. package/dist/src/reactjs/hooks/index.d.ts.map +0 -1
  185. package/dist/src/reactjs/hooks/index.js +0 -6
  186. package/dist/src/reactjs/hooks/index.js.map +0 -1
  187. package/dist/src/reactjs/hooks/useAuth.d.ts +0 -3
  188. package/dist/src/reactjs/hooks/useAuth.d.ts.map +0 -1
  189. package/dist/src/reactjs/hooks/useAuth.js +0 -12
  190. package/dist/src/reactjs/hooks/useAuth.js.map +0 -1
  191. package/dist/src/reactjs/hooks/useClientTokenExchangeSession.d.ts +0 -3
  192. package/dist/src/reactjs/hooks/useClientTokenExchangeSession.d.ts.map +0 -1
  193. package/dist/src/reactjs/hooks/useClientTokenExchangeSession.js +0 -13
  194. package/dist/src/reactjs/hooks/useClientTokenExchangeSession.js.map +0 -1
  195. package/dist/src/reactjs/hooks/useUser.d.ts +0 -4
  196. package/dist/src/reactjs/hooks/useUser.d.ts.map +0 -1
  197. package/dist/src/reactjs/hooks/useUser.js +0 -12
  198. package/dist/src/reactjs/hooks/useUser.js.map +0 -1
  199. package/dist/src/reactjs/index.d.ts +0 -6
  200. package/dist/src/reactjs/index.d.ts.map +0 -1
  201. package/dist/src/reactjs/index.js +0 -10
  202. package/dist/src/reactjs/index.js.map +0 -1
  203. package/dist/src/reactjs/providers/AuthProvider.d.ts +0 -11
  204. package/dist/src/reactjs/providers/AuthProvider.d.ts.map +0 -1
  205. package/dist/src/reactjs/providers/AuthProvider.js +0 -76
  206. package/dist/src/reactjs/providers/AuthProvider.js.map +0 -1
  207. package/dist/src/reactjs/providers/CivicAuthProvider.d.ts +0 -6
  208. package/dist/src/reactjs/providers/CivicAuthProvider.d.ts.map +0 -1
  209. package/dist/src/reactjs/providers/CivicAuthProvider.js +0 -32
  210. package/dist/src/reactjs/providers/CivicAuthProvider.js.map +0 -1
  211. package/dist/src/reactjs/providers/ClientTokenExchangeSessionProvider.d.ts +0 -17
  212. package/dist/src/reactjs/providers/ClientTokenExchangeSessionProvider.d.ts.map +0 -1
  213. package/dist/src/reactjs/providers/ClientTokenExchangeSessionProvider.js +0 -148
  214. package/dist/src/reactjs/providers/ClientTokenExchangeSessionProvider.js.map +0 -1
  215. package/dist/src/reactjs/providers/index.d.ts +0 -8
  216. package/dist/src/reactjs/providers/index.d.ts.map +0 -1
  217. package/dist/src/reactjs/providers/index.js +0 -7
  218. package/dist/src/reactjs/providers/index.js.map +0 -1
  219. package/dist/src/server/ServerAuthenticationResolver.d.ts +0 -20
  220. package/dist/src/server/ServerAuthenticationResolver.d.ts.map +0 -1
  221. package/dist/src/server/ServerAuthenticationResolver.js +0 -67
  222. package/dist/src/server/ServerAuthenticationResolver.js.map +0 -1
  223. package/dist/src/server/config.d.ts +0 -10
  224. package/dist/src/server/config.d.ts.map +0 -1
  225. package/dist/src/server/config.js +0 -2
  226. package/dist/src/server/config.js.map +0 -1
  227. package/dist/src/server/index.d.ts +0 -7
  228. package/dist/src/server/index.d.ts.map +0 -1
  229. package/dist/src/server/index.js +0 -7
  230. package/dist/src/server/index.js.map +0 -1
  231. package/dist/src/server/login.d.ts +0 -21
  232. package/dist/src/server/login.d.ts.map +0 -1
  233. package/dist/src/server/login.js +0 -56
  234. package/dist/src/server/login.js.map +0 -1
  235. package/dist/src/server/refresh.d.ts +0 -7
  236. package/dist/src/server/refresh.d.ts.map +0 -1
  237. package/dist/src/server/refresh.js +0 -13
  238. package/dist/src/server/refresh.js.map +0 -1
  239. package/dist/src/services/AuthenticationService.d.ts +0 -91
  240. package/dist/src/services/AuthenticationService.d.ts.map +0 -1
  241. package/dist/src/services/AuthenticationService.js +0 -322
  242. package/dist/src/services/AuthenticationService.js.map +0 -1
  243. package/dist/src/services/PKCE.d.ts +0 -20
  244. package/dist/src/services/PKCE.d.ts.map +0 -1
  245. package/dist/src/services/PKCE.js +0 -44
  246. package/dist/src/services/PKCE.js.map +0 -1
  247. package/dist/src/services/types.d.ts +0 -24
  248. package/dist/src/services/types.d.ts.map +0 -1
  249. package/dist/src/services/types.js +0 -7
  250. package/dist/src/services/types.js.map +0 -1
  251. package/dist/src/shared/components/BlockDisplay.d.ts +0 -7
  252. package/dist/src/shared/components/BlockDisplay.d.ts.map +0 -1
  253. package/dist/src/shared/components/BlockDisplay.js +0 -25
  254. package/dist/src/shared/components/BlockDisplay.js.map +0 -1
  255. package/dist/src/shared/components/CivicAuthIframe.d.ts +0 -9
  256. package/dist/src/shared/components/CivicAuthIframe.d.ts.map +0 -1
  257. package/dist/src/shared/components/CivicAuthIframe.js +0 -8
  258. package/dist/src/shared/components/CivicAuthIframe.js.map +0 -1
  259. package/dist/src/shared/components/CivicAuthIframeContainer.d.ts +0 -13
  260. package/dist/src/shared/components/CivicAuthIframeContainer.d.ts.map +0 -1
  261. package/dist/src/shared/components/CivicAuthIframeContainer.js +0 -138
  262. package/dist/src/shared/components/CivicAuthIframeContainer.js.map +0 -1
  263. package/dist/src/shared/components/CivicAuthLogoutIframeContainer.d.ts +0 -7
  264. package/dist/src/shared/components/CivicAuthLogoutIframeContainer.d.ts.map +0 -1
  265. package/dist/src/shared/components/CivicAuthLogoutIframeContainer.js +0 -22
  266. package/dist/src/shared/components/CivicAuthLogoutIframeContainer.js.map +0 -1
  267. package/dist/src/shared/components/CloseIcon.d.ts +0 -4
  268. package/dist/src/shared/components/CloseIcon.d.ts.map +0 -1
  269. package/dist/src/shared/components/CloseIcon.js +0 -6
  270. package/dist/src/shared/components/CloseIcon.js.map +0 -1
  271. package/dist/src/shared/components/IFrameAndLoading.d.ts +0 -8
  272. package/dist/src/shared/components/IFrameAndLoading.d.ts.map +0 -1
  273. package/dist/src/shared/components/IFrameAndLoading.js +0 -27
  274. package/dist/src/shared/components/IFrameAndLoading.js.map +0 -1
  275. package/dist/src/shared/components/LoadingIcon.d.ts +0 -4
  276. package/dist/src/shared/components/LoadingIcon.d.ts.map +0 -1
  277. package/dist/src/shared/components/LoadingIcon.js +0 -30
  278. package/dist/src/shared/components/LoadingIcon.js.map +0 -1
  279. package/dist/src/shared/hooks/index.d.ts +0 -11
  280. package/dist/src/shared/hooks/index.d.ts.map +0 -1
  281. package/dist/src/shared/hooks/index.js +0 -11
  282. package/dist/src/shared/hooks/index.js.map +0 -1
  283. package/dist/src/shared/hooks/useAuth.d.ts +0 -3
  284. package/dist/src/shared/hooks/useAuth.d.ts.map +0 -1
  285. package/dist/src/shared/hooks/useAuth.js +0 -12
  286. package/dist/src/shared/hooks/useAuth.js.map +0 -1
  287. package/dist/src/shared/hooks/useCivicAuthConfig.d.ts +0 -3
  288. package/dist/src/shared/hooks/useCivicAuthConfig.d.ts.map +0 -1
  289. package/dist/src/shared/hooks/useCivicAuthConfig.js +0 -10
  290. package/dist/src/shared/hooks/useCivicAuthConfig.js.map +0 -1
  291. package/dist/src/shared/hooks/useClientTokenExchangeSession.d.ts +0 -3
  292. package/dist/src/shared/hooks/useClientTokenExchangeSession.d.ts.map +0 -1
  293. package/dist/src/shared/hooks/useClientTokenExchangeSession.js +0 -13
  294. package/dist/src/shared/hooks/useClientTokenExchangeSession.js.map +0 -1
  295. package/dist/src/shared/hooks/useCurrentUrl.d.ts +0 -3
  296. package/dist/src/shared/hooks/useCurrentUrl.d.ts.map +0 -1
  297. package/dist/src/shared/hooks/useCurrentUrl.js +0 -24
  298. package/dist/src/shared/hooks/useCurrentUrl.js.map +0 -1
  299. package/dist/src/shared/hooks/useIframe.d.ts +0 -3
  300. package/dist/src/shared/hooks/useIframe.d.ts.map +0 -1
  301. package/dist/src/shared/hooks/useIframe.js +0 -13
  302. package/dist/src/shared/hooks/useIframe.js.map +0 -1
  303. package/dist/src/shared/hooks/useIsInIframe.d.ts +0 -3
  304. package/dist/src/shared/hooks/useIsInIframe.d.ts.map +0 -1
  305. package/dist/src/shared/hooks/useIsInIframe.js +0 -14
  306. package/dist/src/shared/hooks/useIsInIframe.js.map +0 -1
  307. package/dist/src/shared/hooks/useOAuthEndpoints.d.ts +0 -4
  308. package/dist/src/shared/hooks/useOAuthEndpoints.d.ts.map +0 -1
  309. package/dist/src/shared/hooks/useOAuthEndpoints.js +0 -14
  310. package/dist/src/shared/hooks/useOAuthEndpoints.js.map +0 -1
  311. package/dist/src/shared/hooks/useRefresh.d.ts +0 -4
  312. package/dist/src/shared/hooks/useRefresh.d.ts.map +0 -1
  313. package/dist/src/shared/hooks/useRefresh.js +0 -38
  314. package/dist/src/shared/hooks/useRefresh.js.map +0 -1
  315. package/dist/src/shared/hooks/useSession.d.ts +0 -3
  316. package/dist/src/shared/hooks/useSession.d.ts.map +0 -1
  317. package/dist/src/shared/hooks/useSession.js +0 -13
  318. package/dist/src/shared/hooks/useSession.js.map +0 -1
  319. package/dist/src/shared/hooks/useSignIn.d.ts +0 -15
  320. package/dist/src/shared/hooks/useSignIn.d.ts.map +0 -1
  321. package/dist/src/shared/hooks/useSignIn.js +0 -126
  322. package/dist/src/shared/hooks/useSignIn.js.map +0 -1
  323. package/dist/src/shared/hooks/useToken.d.ts +0 -3
  324. package/dist/src/shared/hooks/useToken.d.ts.map +0 -1
  325. package/dist/src/shared/hooks/useToken.js +0 -12
  326. package/dist/src/shared/hooks/useToken.js.map +0 -1
  327. package/dist/src/shared/hooks/useWindowFocused.d.ts +0 -5
  328. package/dist/src/shared/hooks/useWindowFocused.d.ts.map +0 -1
  329. package/dist/src/shared/hooks/useWindowFocused.js +0 -21
  330. package/dist/src/shared/hooks/useWindowFocused.js.map +0 -1
  331. package/dist/src/shared/index.d.ts +0 -5
  332. package/dist/src/shared/index.d.ts.map +0 -1
  333. package/dist/src/shared/index.js +0 -16
  334. package/dist/src/shared/index.js.map +0 -1
  335. package/dist/src/shared/lib/GenericAuthenticationRefresher.d.ts +0 -20
  336. package/dist/src/shared/lib/GenericAuthenticationRefresher.d.ts.map +0 -1
  337. package/dist/src/shared/lib/GenericAuthenticationRefresher.js +0 -73
  338. package/dist/src/shared/lib/GenericAuthenticationRefresher.js.map +0 -1
  339. package/dist/src/shared/lib/UserSession.d.ts +0 -12
  340. package/dist/src/shared/lib/UserSession.d.ts.map +0 -1
  341. package/dist/src/shared/lib/UserSession.js +0 -20
  342. package/dist/src/shared/lib/UserSession.js.map +0 -1
  343. package/dist/src/shared/lib/session.d.ts +0 -3
  344. package/dist/src/shared/lib/session.d.ts.map +0 -1
  345. package/dist/src/shared/lib/session.js +0 -21
  346. package/dist/src/shared/lib/session.js.map +0 -1
  347. package/dist/src/shared/lib/storage.d.ts +0 -25
  348. package/dist/src/shared/lib/storage.d.ts.map +0 -1
  349. package/dist/src/shared/lib/storage.js +0 -17
  350. package/dist/src/shared/lib/storage.js.map +0 -1
  351. package/dist/src/shared/lib/types.d.ts +0 -36
  352. package/dist/src/shared/lib/types.d.ts.map +0 -1
  353. package/dist/src/shared/lib/types.js +0 -18
  354. package/dist/src/shared/lib/types.js.map +0 -1
  355. package/dist/src/shared/lib/util.d.ts +0 -34
  356. package/dist/src/shared/lib/util.d.ts.map +0 -1
  357. package/dist/src/shared/lib/util.js +0 -137
  358. package/dist/src/shared/lib/util.js.map +0 -1
  359. package/dist/src/shared/providers/AuthContext.d.ts +0 -11
  360. package/dist/src/shared/providers/AuthContext.d.ts.map +0 -1
  361. package/dist/src/shared/providers/AuthContext.js +0 -3
  362. package/dist/src/shared/providers/AuthContext.js.map +0 -1
  363. package/dist/src/shared/providers/AuthProvider.d.ts +0 -22
  364. package/dist/src/shared/providers/AuthProvider.d.ts.map +0 -1
  365. package/dist/src/shared/providers/AuthProvider.js +0 -72
  366. package/dist/src/shared/providers/AuthProvider.js.map +0 -1
  367. package/dist/src/shared/providers/CivicAuthConfigContext.d.ts +0 -18
  368. package/dist/src/shared/providers/CivicAuthConfigContext.d.ts.map +0 -1
  369. package/dist/src/shared/providers/CivicAuthConfigContext.js +0 -52
  370. package/dist/src/shared/providers/CivicAuthConfigContext.js.map +0 -1
  371. package/dist/src/shared/providers/CivicAuthProvider.d.ts +0 -6
  372. package/dist/src/shared/providers/CivicAuthProvider.d.ts.map +0 -1
  373. package/dist/src/shared/providers/CivicAuthProvider.js +0 -32
  374. package/dist/src/shared/providers/CivicAuthProvider.js.map +0 -1
  375. package/dist/src/shared/providers/ClientTokenExchangeSessionProvider.d.ts +0 -17
  376. package/dist/src/shared/providers/ClientTokenExchangeSessionProvider.d.ts.map +0 -1
  377. package/dist/src/shared/providers/ClientTokenExchangeSessionProvider.js +0 -131
  378. package/dist/src/shared/providers/ClientTokenExchangeSessionProvider.js.map +0 -1
  379. package/dist/src/shared/providers/IframeProvider.d.ts +0 -22
  380. package/dist/src/shared/providers/IframeProvider.d.ts.map +0 -1
  381. package/dist/src/shared/providers/IframeProvider.js +0 -35
  382. package/dist/src/shared/providers/IframeProvider.js.map +0 -1
  383. package/dist/src/shared/providers/SessionProvider.d.ts +0 -19
  384. package/dist/src/shared/providers/SessionProvider.d.ts.map +0 -1
  385. package/dist/src/shared/providers/SessionProvider.js +0 -23
  386. package/dist/src/shared/providers/SessionProvider.js.map +0 -1
  387. package/dist/src/shared/providers/TokenProvider.d.ts +0 -18
  388. package/dist/src/shared/providers/TokenProvider.d.ts.map +0 -1
  389. package/dist/src/shared/providers/TokenProvider.js +0 -42
  390. package/dist/src/shared/providers/TokenProvider.js.map +0 -1
  391. package/dist/src/shared/providers/UserProvider.d.ts +0 -24
  392. package/dist/src/shared/providers/UserProvider.d.ts.map +0 -1
  393. package/dist/src/shared/providers/UserProvider.js +0 -52
  394. package/dist/src/shared/providers/UserProvider.js.map +0 -1
  395. package/dist/src/shared/providers/types.d.ts +0 -15
  396. package/dist/src/shared/providers/types.d.ts.map +0 -1
  397. package/dist/src/shared/providers/types.js +0 -2
  398. package/dist/src/shared/providers/types.js.map +0 -1
  399. package/dist/src/shared/version.d.ts +0 -2
  400. package/dist/src/shared/version.d.ts.map +0 -1
  401. package/dist/src/shared/version.js +0 -3
  402. package/dist/src/shared/version.js.map +0 -1
  403. package/dist/src/types.d.ts +0 -148
  404. package/dist/src/types.d.ts.map +0 -1
  405. package/dist/src/types.js +0 -4
  406. package/dist/src/types.js.map +0 -1
  407. package/dist/src/utils.d.ts +0 -15
  408. package/dist/src/utils.d.ts.map +0 -1
  409. package/dist/src/utils.js +0 -43
  410. package/dist/src/utils.js.map +0 -1
  411. package/dist/src/version.d.ts +0 -2
  412. package/dist/src/version.d.ts.map +0 -1
  413. package/dist/src/version.js +0 -3
  414. package/dist/src/version.js.map +0 -1
  415. package/dist/test/integration/sdk.test.d.ts +0 -2
  416. package/dist/test/integration/sdk.test.d.ts.map +0 -1
  417. package/dist/test/integration/sdk.test.js +0 -237
  418. package/dist/test/integration/sdk.test.js.map +0 -1
  419. package/dist/test/support/fixtures.d.ts +0 -26
  420. package/dist/test/support/fixtures.d.ts.map +0 -1
  421. package/dist/test/support/fixtures.js +0 -55
  422. package/dist/test/support/fixtures.js.map +0 -1
  423. package/dist/test/support/tokens.json +0 -26
  424. package/dist/test/unit/lib/oauth.test.d.ts +0 -2
  425. package/dist/test/unit/lib/oauth.test.d.ts.map +0 -1
  426. package/dist/test/unit/lib/oauth.test.js +0 -56
  427. package/dist/test/unit/lib/oauth.test.js.map +0 -1
  428. package/dist/test/unit/lib/obj.test.d.ts +0 -2
  429. package/dist/test/unit/lib/obj.test.d.ts.map +0 -1
  430. package/dist/test/unit/lib/obj.test.js +0 -37
  431. package/dist/test/unit/lib/obj.test.js.map +0 -1
  432. package/dist/test/unit/logger.test.d.ts +0 -2
  433. package/dist/test/unit/logger.test.d.ts.map +0 -1
  434. package/dist/test/unit/logger.test.js +0 -141
  435. package/dist/test/unit/logger.test.js.map +0 -1
  436. package/dist/test/unit/nextjs/NextAuthProvider.test.d.ts +0 -2
  437. package/dist/test/unit/nextjs/NextAuthProvider.test.d.ts.map +0 -1
  438. package/dist/test/unit/nextjs/NextAuthProvider.test.js +0 -31
  439. package/dist/test/unit/nextjs/NextAuthProvider.test.js.map +0 -1
  440. package/dist/test/unit/nextjs/config.test.d.ts +0 -2
  441. package/dist/test/unit/nextjs/config.test.d.ts.map +0 -1
  442. package/dist/test/unit/nextjs/config.test.js +0 -203
  443. package/dist/test/unit/nextjs/config.test.js.map +0 -1
  444. package/dist/test/unit/nextjs/getUser.test.d.ts +0 -2
  445. package/dist/test/unit/nextjs/getUser.test.d.ts.map +0 -1
  446. package/dist/test/unit/nextjs/getUser.test.js +0 -22
  447. package/dist/test/unit/nextjs/getUser.test.js.map +0 -1
  448. package/dist/test/unit/nextjs/handler.test.d.ts +0 -2
  449. package/dist/test/unit/nextjs/handler.test.d.ts.map +0 -1
  450. package/dist/test/unit/nextjs/handler.test.js +0 -235
  451. package/dist/test/unit/nextjs/handler.test.js.map +0 -1
  452. package/dist/test/unit/nextjs/middleware.test.d.ts +0 -2
  453. package/dist/test/unit/nextjs/middleware.test.d.ts.map +0 -1
  454. package/dist/test/unit/nextjs/middleware.test.js +0 -113
  455. package/dist/test/unit/nextjs/middleware.test.js.map +0 -1
  456. package/dist/test/unit/nextjs/utils.test.d.ts +0 -2
  457. package/dist/test/unit/nextjs/utils.test.d.ts.map +0 -1
  458. package/dist/test/unit/nextjs/utils.test.js +0 -13
  459. package/dist/test/unit/nextjs/utils.test.js.map +0 -1
  460. package/dist/test/unit/publicApi/apiSnapshot.test.d.ts +0 -2
  461. package/dist/test/unit/publicApi/apiSnapshot.test.d.ts.map +0 -1
  462. package/dist/test/unit/publicApi/apiSnapshot.test.js +0 -10
  463. package/dist/test/unit/publicApi/apiSnapshot.test.js.map +0 -1
  464. package/dist/test/unit/react/components/SignInButton.test.d.ts +0 -2
  465. package/dist/test/unit/react/components/SignInButton.test.d.ts.map +0 -1
  466. package/dist/test/unit/react/components/SignInButton.test.js +0 -31
  467. package/dist/test/unit/react/components/SignInButton.test.js.map +0 -1
  468. package/dist/test/unit/react/components/SignOutButton.test.d.ts +0 -2
  469. package/dist/test/unit/react/components/SignOutButton.test.d.ts.map +0 -1
  470. package/dist/test/unit/react/components/SignOutButton.test.js +0 -30
  471. package/dist/test/unit/react/components/SignOutButton.test.js.map +0 -1
  472. package/dist/test/unit/server/login.test.d.ts +0 -2
  473. package/dist/test/unit/server/login.test.d.ts.map +0 -1
  474. package/dist/test/unit/server/login.test.js +0 -184
  475. package/dist/test/unit/server/login.test.js.map +0 -1
  476. package/dist/test/unit/server/refresh.test.d.ts +0 -2
  477. package/dist/test/unit/server/refresh.test.d.ts.map +0 -1
  478. package/dist/test/unit/server/refresh.test.js +0 -55
  479. package/dist/test/unit/server/refresh.test.js.map +0 -1
  480. package/dist/test/unit/server/session.test.d.ts +0 -2
  481. package/dist/test/unit/server/session.test.d.ts.map +0 -1
  482. package/dist/test/unit/server/session.test.js +0 -41
  483. package/dist/test/unit/server/session.test.js.map +0 -1
  484. package/dist/test/unit/services/AuthenticationService.test.d.ts +0 -2
  485. package/dist/test/unit/services/AuthenticationService.test.d.ts.map +0 -1
  486. package/dist/test/unit/services/AuthenticationService.test.js +0 -301
  487. package/dist/test/unit/services/AuthenticationService.test.js.map +0 -1
  488. package/dist/test/unit/services/ServerAuthenticationResolver.test.d.ts +0 -2
  489. package/dist/test/unit/services/ServerAuthenticationResolver.test.d.ts.map +0 -1
  490. package/dist/test/unit/services/ServerAuthenticationResolver.test.js +0 -75
  491. package/dist/test/unit/services/ServerAuthenticationResolver.test.js.map +0 -1
  492. package/dist/test/unit/shared/GenericAuthenticationRefresher.test.d.ts +0 -2
  493. package/dist/test/unit/shared/GenericAuthenticationRefresher.test.d.ts.map +0 -1
  494. package/dist/test/unit/shared/GenericAuthenticationRefresher.test.js +0 -144
  495. package/dist/test/unit/shared/GenericAuthenticationRefresher.test.js.map +0 -1
  496. package/dist/test/unit/shared/UserSession.test.d.ts +0 -2
  497. package/dist/test/unit/shared/UserSession.test.d.ts.map +0 -1
  498. package/dist/test/unit/shared/UserSession.test.js +0 -37
  499. package/dist/test/unit/shared/UserSession.test.js.map +0 -1
  500. package/dist/test/unit/shared/components/CivicAuthIframeContainer.test.d.ts +0 -2
  501. package/dist/test/unit/shared/components/CivicAuthIframeContainer.test.d.ts.map +0 -1
  502. package/dist/test/unit/shared/components/CivicAuthIframeContainer.test.js +0 -122
  503. package/dist/test/unit/shared/components/CivicAuthIframeContainer.test.js.map +0 -1
  504. package/dist/test/unit/shared/printVersion.test.d.ts +0 -2
  505. package/dist/test/unit/shared/printVersion.test.d.ts.map +0 -1
  506. package/dist/test/unit/shared/printVersion.test.js +0 -39
  507. package/dist/test/unit/shared/printVersion.test.js.map +0 -1
  508. package/dist/test/unit/shared/providers/ClientTokenExchangeSessionProvider.test.d.ts +0 -2
  509. package/dist/test/unit/shared/providers/ClientTokenExchangeSessionProvider.test.d.ts.map +0 -1
  510. package/dist/test/unit/shared/providers/ClientTokenExchangeSessionProvider.test.js +0 -108
  511. package/dist/test/unit/shared/providers/ClientTokenExchangeSessionProvider.test.js.map +0 -1
  512. package/dist/test/unit/shared/storage.test.d.ts +0 -2
  513. package/dist/test/unit/shared/storage.test.d.ts.map +0 -1
  514. package/dist/test/unit/shared/storage.test.js +0 -53
  515. package/dist/test/unit/shared/storage.test.js.map +0 -1
  516. package/dist/test/unit/utils.test.d.ts +0 -2
  517. package/dist/test/unit/utils.test.d.ts.map +0 -1
  518. package/dist/test/unit/utils.test.js +0 -40
  519. package/dist/test/unit/utils.test.js.map +0 -1
  520. package/dist/tsconfig.tsbuildinfo +0 -1
  521. package/dist/vitest.config.d.ts +0 -3
  522. package/dist/vitest.config.d.ts.map +0 -1
  523. package/dist/vitest.config.js +0 -44
  524. package/dist/vitest.config.js.map +0 -1
package/dist/cjs/nextjs/routeHandler.js CHANGED
@@ -48,9 +48,15 @@ async function handleChallenge(request, config) {
48
48
  }
49
49
  return server_js_1.NextResponse.json({ status: "success", challenge });
50
50
  }
51
- async function performTokenExchangeAndSetCookies(request, config, code, state, appUrl) {
51
+ async function performTokenExchangeAndSetCookies(config, code, state, appUrl) {
52
52
  const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
53
- const cookieStorage = new cookies_js_1.NextjsCookieStorage(resolvedConfigs.cookies.tokens);
53
+ // TODO This is messy, better would be to fix the config.cookies type to always be <name: settings>
54
+ // rather than nesting the tokens-related ones *and* code-verifier inside "tokens"
55
+ // (despite code-verifier not relating directly to tokens)
56
+ const cookieStorage = new cookies_js_1.NextjsCookieStorage({
57
+ ...resolvedConfigs.cookies.tokens,
58
+ user: resolvedConfigs.cookies.user,
59
+ });
54
60
  const callbackUrl = (0, utils_js_1.resolveCallbackUrl)(resolvedConfigs, appUrl);
55
61
  try {
56
62
  await (0, login_js_1.resolveOAuthAccessCode)(code, state, cookieStorage, {
@@ -66,8 +72,7 @@ async function performTokenExchangeAndSetCookies(request, config, code, state, a
66
72
  if (!user) {
67
73
  throw new AuthError("Failed to get user info", 401);
68
74
  }
69
- const clientStorage = new cookies_js_1.NextjsClientStorage();
70
- const userSession = new UserSession_js_1.GenericUserSession(clientStorage);
75
+ const userSession = new UserSession_js_1.GenericUserSession(cookieStorage);
71
76
  userSession.set(user);
72
77
  }
73
78
  async function handleRefresh(request, config) {
@@ -90,7 +95,7 @@ const generateHtmlResponseWithCallback = (request, callbackUrl) => {
90
95
  // behind a reverse proxy or load balancer
91
96
  const requestUrl = new URL(request.url);
92
97
  const fetchUrl = `${callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainCallback=true`;
93
- return new server_js_1.NextResponse(`<html>
98
+ return new server_js_1.NextResponse(`<html lang="en">
94
99
  <body>
95
100
  <span style="display:none">
96
101
  <script>
@@ -130,7 +135,7 @@ async function handleCallback(request, config) {
130
135
  state,
131
136
  serverTokenExchange: (0, oauth_js_1.serverTokenExchangeFromState)(`${state}`),
132
137
  });
133
- let response = new server_js_1.NextResponse(`<html><body><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`);
138
+ let response = new server_js_1.NextResponse(`<html lang="en"><body><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`);
134
139
  // in server-side token exchange mode we need to launch a page that will trigger the token exchange
135
140
  // from the same domain, allowing it access to the code_verifier cookie
136
141
  // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange
@@ -148,7 +153,7 @@ async function handleCallback(request, config) {
148
153
  logger.debug(`handleCallback no code_verifier found, returning ${constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT}`);
149
154
  return response;
150
155
  }
151
- await performTokenExchangeAndSetCookies(request, resolvedConfigs, code, state, appUrl);
156
+ await performTokenExchangeAndSetCookies(resolvedConfigs, code, state, appUrl);
152
157
  if (request.url.includes("sameDomainCallback=true")) {
153
158
  logger.debug("handleCallback sameDomainCallback = true, returning redirectUrl", appUrl);
154
159
  return server_js_1.NextResponse.json({
@@ -167,7 +172,7 @@ async function handleCallback(request, config) {
167
172
  // return an empty HTML response so the iframe doesn't show any response
168
173
  // in the short moment between the redirect and the parent window
169
174
  // acknowledging the redirect and closing the iframe
170
- const response = new server_js_1.NextResponse(`<html><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`);
175
+ const response = new server_js_1.NextResponse(`<html lang="en"><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`);
171
176
  response.headers.set("Content-Type", "text/html; charset=utf-8");
172
177
  return response;
173
178
  }
@@ -175,6 +180,7 @@ async function handleCallback(request, config) {
175
180
  * If redirectPath is an absolute path, return it as-is.
176
181
  * Otherwise for relative paths, append it to the current domain.
177
182
  * @param redirectPath
183
+ * @param currentBasePath
178
184
  * @returns
179
185
  */
180
186
  const getAbsoluteRedirectPath = (redirectPath, currentBasePath) => new URL(redirectPath, currentBasePath).href;
@@ -231,7 +237,7 @@ async function handleLogoutCallback(request, config) {
231
237
  const displayMode = (0, oauth_js_1.displayModeFromState)(state, "iframe");
232
238
  const canAccessCookies = !!(await getIdToken(resolvedConfigs));
233
239
  if (canAccessCookies) {
234
- await (0, cookies_js_1.clearAuthCookies)(resolvedConfigs);
240
+ await (0, cookies_js_1.clearAuthCookies)();
235
241
  }
236
242
  let response;
237
243
  // handle logout for iframe display mode
@@ -308,7 +314,7 @@ const handler = (authConfig = {}) => async (request) => {
308
314
  const status = error instanceof AuthError ? error.status : 500;
309
315
  const message = error instanceof Error ? error.message : "Authentication failed";
310
316
  const response = server_js_1.NextResponse.json({ error: message }, { status });
311
- (0, cookies_js_1.clearAuthCookies)(config);
317
+ await (0, cookies_js_1.clearAuthCookies)();
312
318
  return response;
313
319
  }
314
320
  };
package/dist/cjs/nextjs/routeHandler.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"routeHandler.js","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":";;;AAsSA,oCA2BC;AAED,oDAiEC;AApYD,iDAGwB;AACxB,+CAA0C;AAC1C,6CAGwB;AAExB,kDAAuD;AACvD,oDAI6B;AAC7B,gDAA4C;AAC5C,gDAAuD;AACvD,gDAA2D;AAC3D,gDAAqE;AACrE,gGAA0F;AAC1F,oDAAkE;AAClE,gEAAiE;AACjE,kDAA8D;AAC9D,4CAA+C;AAE/C,8CAA8C;AAE9C,MAAM,MAAM,GAAG,mBAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAE5C,MAAM,SAAU,SAAQ,KAAK;IAGT;IAFlB,YACE,OAAe,EACC,SAAiB,GAAG;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,WAAM,GAAN,MAAM,CAAc;QAGpC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,SAAS,GAAG,CAAC,OAAoB,EAAiB,EAAE,CACxD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAY,CAAC,OAAO,CAAC,EAAE,KAAK;IAChD,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAE7C,MAAM,UAAU,GAAG,KAAK,EAAE,MAAkB,EAA0B,EAAE;IACtE,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5E,OAAO,aAAa,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;AACjD,CAAC,CAAC;AAEF;;;;GAIG;AACH,KAAK,UAAU,eAAe,CAC5B,OAAoB,EACpB,MAAkB;IAElB,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,aAAa,CAAC,CAAC;IAExE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,gBAAgB,EAAE,CAAC;IACxD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,MAAM,EAAE,CAAC;QACX,aAAa,CAAC,GAAG,CAAC,uBAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,KAAK,UAAU,iCAAiC,CAC9C,OAAoB,EACpB,MAAkB,EAClB,IAAY,EACZ,KAAa,EACb,MAAc;IAEd,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAE9E,MAAM,WAAW,GAAG,IAAA,6BAAkB,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,IAAA,iCAAsB,EAAC,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE;YACvD,GAAG,eAAe;YAClB,WAAW,EAAE,WAAW;SACzB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,IAAI,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAA,kBAAO,GAAE,CAAC;IAC7B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,SAAS,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,gCAAmB,EAAE,CAAC;IAChD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,aAAa,CAAC,CAAC;IAC1D,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AACD,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,MAAM,4DAA2B,CAAC,KAAK,CACvD;QACE,QAAQ,EAAE,eAAe,CAAC,QAAQ;QAClC,WAAW,EAAE,eAAe,CAAC,WAAW;QACxC,WAAW,EAAE,eAAe,CAAC,WAAW;QACxC,UAAU,EAAE,eAAe,CAAC,UAAU;KACvC,EACD,aAAa,CACd,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,kBAAkB,EAAE,CAAC;IAEpD,uEAAuE;IACvE,4DAA4D;IAC5D,sCAAsC;IACtC,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,gCAAgC,GAAG,CACvC,OAAoB,EACpB,WAAmB,EACnB,EAAE;IACF,+EAA+E;IAC/E,0CAA0C;IAC1C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,GAAG,WAAW,IAAI,UAAU,CAAC,YAAY,CAAC,QAAQ,EAAE,0BAA0B,CAAC;IAChG,OAAO,IAAI,wBAAY,CACrB;;;;;;kCAM8B,QAAQ;;;;;;;;;;;;KAYrC,CACF,CAAC;AACJ,CAAC,CAAC;AAEF,KAAK,UAAU,cAAc,CAC3B,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACxD,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAEhE,qEAAqE;IACrE,mGAAmG;IACnG,+FAA+F;IAC/F,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAElC,gFAAgF;IAChF,wCAAwC;IACxC,yHAAyH;IACzH,wHAAwH;IACxH,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAY,CAAC,WAAW,CAAC,CAAC;IAEnE,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;YACpD,KAAK;YACL,mBAAmB,EAAE,IAAA,uCAA4B,EAAC,GAAG,KAAK,EAAE,CAAC;SAC9D,CAAC,CAAC;QACH,IAAI,QAAQ,GAAG,IAAI,wBAAY,CAC7B,0CAA0C,0CAA2B,uBAAuB,CAC7F,CAAC;QAEF,mGAAmG;QACnG,uEAAuE;QACvE,wGAAwG;QACxG,sCAAsC;QACtC,IAAI,KAAK,IAAI,IAAA,uCAA4B,EAAC,KAAK,CAAC,EAAE,CAAC;YACjD,MAAM,CAAC,KAAK,CACV,yEAAyE,EACzE;gBACE,UAAU,EAAE,OAAO,CAAC,GAAG;gBACvB,iBAAiB,EAAE,eAAe,CAAC,WAAW;aAC/C,CACF,CAAC;YACF,yEAAyE;YACzE,sDAAsD;YACtD,QAAQ,GAAG,gCAAgC,CACzC,OAAO,EACP,eAAe,CAAC,WAAW,CAC5B,CAAC;QACJ,CAAC;QAED,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;QACjE,MAAM,CAAC,KAAK,CACV,oDAAoD,0CAA2B,EAAE,CAClF,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,iCAAiC,CACrC,OAAO,EACP,eAAe,EACf,IAAI,EACJ,KAAK,EACL,MAAM,CACP,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,KAAK,CACV,iEAAiE,EACjE,MAAM,CACP,CAAC;QACF,OAAO,wBAAY,CAAC,IAAI,CAAC;YACvB,MAAM,EAAE,SAAS;YACjB,WAAW,EAAE,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAC1D,IAAI,IAAA,uCAA4B,EAAC,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,CAAC,KAAK,CACV,iEAAiE,EACjE,MAAM,CACP,CAAC;QACF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,wBAAY,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,wEAAwE;IACxE,iEAAiE;IACjE,oDAAoD;IACpD,MAAM,QAAQ,GAAG,IAAI,wBAAY,CAC/B,oCAAoC,0CAA2B,gBAAgB,CAChF,CAAC;IACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;IACjE,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,MAAM,uBAAuB,GAAG,CAC9B,YAAoB,EACpB,eAAuB,EACvB,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC,IAAI,CAAC;AAEjD,MAAM,wBAAwB,GAAG,CAC/B,OAAoB,EACpB,MAAkB,EACH,EAAE;IACjB,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,QAAQ,IAAI,GAAG,CAAC;IAEvC,kEAAkE;IAClE,gCAAgC;IAChC,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1E,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,iFAAiF;IACjF,gFAAgF;IAChF,+EAA+E;IAC/E,+DAA+D;IAC/D,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,MAAM;QAAE,OAAO,uBAAuB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAEnE,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,KAAK,EAAE,GAAW,EAAE,EAAE;IAC9C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;QACnC,IAAA,yBAAc,EAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;IAChE,CAAC;AACH,CAAC,CAAC;AAEK,KAAK,UAAU,YAAY,CAChC,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAElD,qCAAqC;IACrC,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC;IAElD,2CAA2C;IAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAExD,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAEnE,MAAM,aAAa,GAAG,IAAI,GAAG,CAC3B,eAAe,CAAC,iBAAiB,EACjC,SAAS,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,GAAG,CAClC,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAsB,EAAC;QAC7C,QAAQ,EAAE,eAAe,CAAC,QAAQ;QAClC,OAAO;QACP,KAAK;QACL,WAAW,EAAE,aAAa,CAAC,IAAI;QAC/B,WAAW,EAAE,eAAe,CAAC,WAAW;KACzC,CAAC,CAAC;IAEH,OAAO,wBAAY,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;AACpD,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAC9D,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,IAAA,+BAAoB,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAE1D,MAAM,gBAAgB,GAAG,CAAC,CAAC,CAAC,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;IAC/D,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,IAAA,6BAAgB,EAAC,eAAe,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,QAAQ,CAAC;IAEb,wCAAwC;IACxC,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC7B,sEAAsE;QACtE,0DAA0D;QAC1D,2EAA2E;QAC3E,IAAI,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;YACxE,sBAAsB;YACtB,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAClD,CAAC;QAED,kEAAkE;QAClE,QAAQ,GAAG,gCAAgC,CACzC,OAAO,EACP,eAAe,CAAC,iBAAiB,CAClC,CAAC;QACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;QACjE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,4CAA4C;IAC5C,MAAM,WAAW,GAAG,wBAAwB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAEvE,IAAI,WAAW,IAAI,gBAAgB,EAAE,CAAC;QACpC,6EAA6E;QAC7E,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;YACpD,MAAM,CAAC,KAAK,CACV,iEAAiE,EACjE,WAAW,CACZ,CAAC;YACF,OAAO,wBAAY,CAAC,IAAI,CAAC;gBACvB,MAAM,EAAE,SAAS;gBACjB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;QACL,CAAC;QAED,+BAA+B;QAC/B,QAAQ,GAAG,wBAAY,CAAC,QAAQ,CAAC,GAAG,WAAW,EAAE,CAAC,CAAC;QACnD,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7D,QAAQ,GAAG,gCAAgC,CACzC,OAAO,EACP,eAAe,CAAC,iBAAiB,CAClC,CAAC;QACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;GAWG;AACI,MAAM,OAAO,GAClB,CAAC,UAAU,GAAG,EAAE,EAAE,EAAE,CACpB,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,MAAM,GAAG,IAAA,6BAAiB,EAAC,UAAU,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAC1C,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,MAAM,WAAW,GAAG,YAAY,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAE1D,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,WAAW;gBACd,OAAO,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAChD,KAAK,UAAU;gBACb,OAAO,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC/C,KAAK,SAAS;gBACZ,OAAO,MAAM,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,KAAK,QAAQ;gBACX,OAAO,MAAM,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC7C,KAAK,gBAAgB;gBACnB,OAAO,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACrD;gBACE,MAAM,IAAI,SAAS,CAAC,uBAAuB,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAE3C,MAAM,MAAM,GAAG,KAAK,YAAY,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC;QAC/D,MAAM,OAAO,GACX,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;QAEnE,MAAM,QAAQ,GAAG,wBAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAEnE,IAAA,6BAAgB,EAAC,MAAM,CAAC,CAAC;QACzB,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC,CAAC;AApCS,QAAA,OAAO,WAoChB","sourcesContent":["import {\n TOKEN_EXCHANGE_SUCCESS_TEXT,\n TOKEN_EXCHANGE_TRIGGER_TEXT,\n} from \"@/constants.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n displayModeFromState,\n serverTokenExchangeFromState,\n} from \"@/lib/oauth.js\";\nimport type { AuthConfig } from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { getUser } from \"@/nextjs/index.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { AuthenticationRefresherImpl } from \"@/shared/lib/AuthenticationRefresherImpl.js\";\nimport { CodeVerifier, OAuthTokens } from \"@/shared/lib/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { generateOauthLogoutUrl } from \"@/shared/lib/util.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\nconst getAppUrl = (request: NextRequest): string | null =>\n request.cookies.get(CodeVerifier.APP_URL)?.value ||\n request.nextUrl.searchParams.get(\"appUrl\");\n\nconst getIdToken = async (config: AuthConfig): Promise<string | null> => {\n const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n return cookieStorage.get(OAuthTokens.ID_TOKEN);\n};\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n const appUrl = request.nextUrl.searchParams.get(\"appUrl\");\n if (appUrl) {\n cookieStorage.set(CodeVerifier.APP_URL, appUrl);\n }\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function performTokenExchangeAndSetCookies(\n request: NextRequest,\n config: AuthConfig,\n code: string,\n state: string,\n appUrl: string,\n) {\n const resolvedConfigs = resolveAuthConfig(config);\n const cookieStorage = new NextjsCookieStorage(resolvedConfigs.cookies.tokens);\n\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, appUrl);\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser();\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n}\nasync function handleRefresh(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n\n const refresher = await AuthenticationRefresherImpl.build(\n {\n clientId: resolvedConfigs.clientId,\n oauthServer: resolvedConfigs.oauthServer,\n redirectUrl: resolvedConfigs.callbackUrl,\n refreshUrl: resolvedConfigs.refreshUrl,\n },\n cookieStorage,\n );\n const tokens = await refresher.refreshAccessToken();\n\n // this will use the refresh token to get new tokens and, if successful\n // the idToken, accessToken and user cookies will be updated\n // await newRefresher.refreshTokens();\n return NextResponse.json({ status: \"success\", tokens });\n}\n\nconst generateHtmlResponseWithCallback = (\n request: NextRequest,\n callbackUrl: string,\n) => {\n // we need to replace the URL with resolved config in case the server is hosted\n // behind a reverse proxy or load balancer\n const requestUrl = new URL(request.url);\n const fetchUrl = `${callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainCallback=true`;\n return new NextResponse(\n `<html>\n <body>\n <span style=\"display:none\">\n <script>\n window.onload = function () {\n const appUrl = globalThis.window?.location?.origin;\n fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {\n response.json().then((jsonResponse) => {\n if (jsonResponse.redirectUrl) {\n window.location.href = jsonResponse.redirectUrl;\n }\n });\n });\n };\n </script>\n </span>\n </body>\n </html>\n `,\n );\n};\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n // appUrl is passed from the client to the server in the query string\n // this is necessary because the server does not have access to the client's window.location.origin\n // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)\n const appUrl = getAppUrl(request);\n\n // If we have a code_verifier cookie and the appUrl, we can do a token exchange.\n // Otherwise, just render an empty page.\n // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.\n // The client will make an additional call to this route with cookies included, at which point we do the token exchange.\n const codeVerifier = request.cookies.get(CodeVerifier.COOKIE_NAME);\n\n if (!codeVerifier || !appUrl) {\n logger.debug(\"handleCallback no code_verifier found\", {\n state,\n serverTokenExchange: serverTokenExchangeFromState(`${state}`),\n });\n let response = new NextResponse(\n `<html><body><span style=\"display:none\">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`,\n );\n\n // in server-side token exchange mode we need to launch a page that will trigger the token exchange\n // from the same domain, allowing it access to the code_verifier cookie\n // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange\n // if no code-verifier cookie is found\n if (state && serverTokenExchangeFromState(state)) {\n logger.debug(\n \"handleCallback serverTokenExchangeFromState, launching redirect page...\",\n {\n requestUrl: request.url,\n configCallbackUrl: resolvedConfigs.callbackUrl,\n },\n );\n // generate a page that will callback to the same domain, allowing access\n // to the code_verifier cookie and passing the appUrl.\n response = generateHtmlResponseWithCallback(\n request,\n resolvedConfigs.callbackUrl,\n );\n }\n\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n logger.debug(\n `handleCallback no code_verifier found, returning ${TOKEN_EXCHANGE_TRIGGER_TEXT}`,\n );\n return response;\n }\n\n await performTokenExchangeAndSetCookies(\n request,\n resolvedConfigs,\n code,\n state,\n appUrl,\n );\n\n if (request.url.includes(\"sameDomainCallback=true\")) {\n logger.debug(\n \"handleCallback sameDomainCallback = true, returning redirectUrl\",\n appUrl,\n );\n return NextResponse.json({\n status: \"success\",\n redirectUrl: appUrl,\n });\n }\n\n // this is the case where a 'normal' redirect is happening\n if (serverTokenExchangeFromState(state)) {\n logger.debug(\n \"handleCallback serverTokenExchangeFromState, redirect to appUrl\",\n appUrl,\n );\n if (!appUrl) {\n throw new Error(\"appUrl undefined. Cannot redirect.\");\n }\n return NextResponse.redirect(`${appUrl}`);\n }\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(\n `<html><span style=\"display:none\">${TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`,\n );\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => new URL(redirectPath, currentBasePath).href;\n\nconst getPostLogoutRedirectUrl = (\n request: NextRequest,\n config: AuthConfig,\n): string | null => {\n const { loginUrl } = resolveAuthConfig(config);\n const redirectTarget = loginUrl ?? \"/\";\n\n // if the optional loginUrl is provided and it is an absolute URL,\n // use it as the redirect target\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n if (isAbsoluteRedirect) {\n return redirectTarget;\n }\n\n // if loginUrl is not defined, the appUrl is passed from the client to the server\n // in the query string or cookies. This is necessary because the server does not\n // have access to the client's window.location and can not accurately determine\n // the appUrl (specially if the app is behind a reverse proxy).\n const appUrl = getAppUrl(request);\n if (appUrl) return getAbsoluteRedirectPath(redirectTarget, appUrl);\n\n return null;\n};\n\nconst revalidateUrlPath = async (url: string) => {\n try {\n const path = new URL(url).pathname;\n revalidatePath(path);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n};\n\nexport async function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n\n // read the id_token from the cookies\n const idToken = await getIdToken(resolvedConfigs);\n\n // read the state from the query parameters\n const state = request.nextUrl.searchParams.get(\"state\");\n\n if (!state || !idToken) throw new AuthError(`Bad parameters`, 400);\n\n const postLogoutUrl = new URL(\n resolvedConfigs.logoutCallbackUrl,\n getAppUrl(request) || request.url,\n );\n const logoutUrl = await generateOauthLogoutUrl({\n clientId: resolvedConfigs.clientId,\n idToken,\n state,\n redirectUrl: postLogoutUrl.href,\n oauthServer: resolvedConfigs.oauthServer,\n });\n\n return NextResponse.redirect(`${logoutUrl.href}`);\n}\n\nexport async function handleLogoutCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const state = request.nextUrl.searchParams.get(\"state\") || \"\";\n if (!state) throw new AuthError(\"Bad parameters\", 400);\n\n const displayMode = displayModeFromState(state, \"iframe\");\n\n const canAccessCookies = !!(await getIdToken(resolvedConfigs));\n if (canAccessCookies) {\n await clearAuthCookies(resolvedConfigs);\n }\n\n let response;\n\n // handle logout for iframe display mode\n if (displayMode === \"iframe\") {\n // try to read the token from cookies. If cookies cant be read/written\n // because the request cames from a cross-origin redirect,\n // we need to show a page that will trigger the logout from the same domain\n if (canAccessCookies || request.url.includes(\"sameDomainCallback=true\")) {\n // just return success\n return NextResponse.json({ status: \"success\" });\n }\n\n // return a page that will trigger the logout from the same domain\n response = generateHtmlResponseWithCallback(\n request,\n resolvedConfigs.logoutCallbackUrl,\n );\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n }\n\n // handle logout for non-iframe display mode\n const redirectUrl = getPostLogoutRedirectUrl(request, resolvedConfigs);\n\n if (redirectUrl && canAccessCookies) {\n // this is comming from the fetch from the HTML page returned by this handler\n if (request.url.includes(\"sameDomainCallback=true\")) {\n logger.debug(\n \"handleCallback sameDomainCallback = true, returning redirectUrl\",\n redirectUrl,\n );\n return NextResponse.json({\n status: \"success\",\n redirectUrl: redirectUrl,\n });\n }\n\n // just redirect to the app url\n response = NextResponse.redirect(`${redirectUrl}`);\n revalidateUrlPath(redirectUrl);\n } else {\n logger.debug(\"handleLogout no redirectUrl found\", { state });\n response = generateHtmlResponseWithCallback(\n request,\n resolvedConfigs.logoutCallbackUrl,\n );\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge(request, config);\n case \"callback\":\n return await handleCallback(request, config);\n case \"refresh\":\n return await handleRefresh(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n case \"logoutcallback\":\n return await handleLogoutCallback(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies(config);\n return response;\n }\n };\n"]}
1
+ {"version":3,"file":"routeHandler.js","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":";;;AAgSA,oCA2BC;AAED,oDAiEC;AA9XD,iDAGwB;AACxB,+CAA0C;AAC1C,6CAGwB;AAExB,kDAAuD;AACvD,oDAA4E;AAC5E,gDAA4C;AAC5C,gDAAuD;AACvD,gDAA2D;AAC3D,gDAAqE;AACrE,gGAA0F;AAC1F,oDAAkE;AAClE,gEAAiE;AACjE,kDAA8D;AAC9D,4CAA+C;AAE/C,8CAA8C;AAE9C,MAAM,MAAM,GAAG,mBAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAE5C,MAAM,SAAU,SAAQ,KAAK;IAGT;IAFlB,YACE,OAAe,EACC,SAAiB,GAAG;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,WAAM,GAAN,MAAM,CAAc;QAGpC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED,MAAM,SAAS,GAAG,CAAC,OAAoB,EAAiB,EAAE,CACxD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAY,CAAC,OAAO,CAAC,EAAE,KAAK;IAChD,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAE7C,MAAM,UAAU,GAAG,KAAK,EAAE,MAAkB,EAA0B,EAAE;IACtE,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5E,OAAO,aAAa,CAAC,GAAG,CAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;AACjD,CAAC,CAAC;AAEF;;;;GAIG;AACH,KAAK,UAAU,eAAe,CAC5B,OAAoB,EACpB,MAAkB;IAElB,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,aAAa,CAAC,CAAC;IAExE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,gBAAgB,EAAE,CAAC;IACxD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,MAAM,EAAE,CAAC;QACX,aAAa,CAAC,GAAG,CAAC,uBAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,KAAK,UAAU,iCAAiC,CAC9C,MAAkB,EAClB,IAAY,EACZ,KAAa,EACb,MAAc;IAEd,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,mGAAmG;IACnG,kFAAkF;IAClF,0DAA0D;IAC1D,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC;QAC5C,GAAG,eAAe,CAAC,OAAO,CAAC,MAAM;QACjC,IAAI,EAAE,eAAe,CAAC,OAAO,CAAC,IAAI;KACnC,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,IAAA,6BAAkB,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,IAAA,iCAAsB,EAAC,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE;YACvD,GAAG,eAAe;YAClB,WAAW,EAAE,WAAW;SACzB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,IAAI,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAA,kBAAO,GAAE,CAAC;IAC7B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,SAAS,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,aAAa,CAAC,CAAC;IAC1D,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AACD,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,MAAM,4DAA2B,CAAC,KAAK,CACvD;QACE,QAAQ,EAAE,eAAe,CAAC,QAAQ;QAClC,WAAW,EAAE,eAAe,CAAC,WAAW;QACxC,WAAW,EAAE,eAAe,CAAC,WAAW;QACxC,UAAU,EAAE,eAAe,CAAC,UAAU;KACvC,EACD,aAAa,CACd,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,kBAAkB,EAAE,CAAC;IAEpD,uEAAuE;IACvE,4DAA4D;IAC5D,sCAAsC;IACtC,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,gCAAgC,GAAG,CACvC,OAAoB,EACpB,WAAmB,EACnB,EAAE;IACF,+EAA+E;IAC/E,0CAA0C;IAC1C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,GAAG,WAAW,IAAI,UAAU,CAAC,YAAY,CAAC,QAAQ,EAAE,0BAA0B,CAAC;IAChG,OAAO,IAAI,wBAAY,CACrB;;;;;;kCAM8B,QAAQ;;;;;;;;;;;;KAYrC,CACF,CAAC;AACJ,CAAC,CAAC;AAEF,KAAK,UAAU,cAAc,CAC3B,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACxD,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAEhE,qEAAqE;IACrE,mGAAmG;IACnG,+FAA+F;IAC/F,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAElC,gFAAgF;IAChF,wCAAwC;IACxC,yHAAyH;IACzH,wHAAwH;IACxH,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAY,CAAC,WAAW,CAAC,CAAC;IAEnE,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;YACpD,KAAK;YACL,mBAAmB,EAAE,IAAA,uCAA4B,EAAC,GAAG,KAAK,EAAE,CAAC;SAC9D,CAAC,CAAC;QACH,IAAI,QAAQ,GAAG,IAAI,wBAAY,CAC7B,oDAAoD,0CAA2B,uBAAuB,CACvG,CAAC;QAEF,mGAAmG;QACnG,uEAAuE;QACvE,wGAAwG;QACxG,sCAAsC;QACtC,IAAI,KAAK,IAAI,IAAA,uCAA4B,EAAC,KAAK,CAAC,EAAE,CAAC;YACjD,MAAM,CAAC,KAAK,CACV,yEAAyE,EACzE;gBACE,UAAU,EAAE,OAAO,CAAC,GAAG;gBACvB,iBAAiB,EAAE,eAAe,CAAC,WAAW;aAC/C,CACF,CAAC;YACF,yEAAyE;YACzE,sDAAsD;YACtD,QAAQ,GAAG,gCAAgC,CACzC,OAAO,EACP,eAAe,CAAC,WAAW,CAC5B,CAAC;QACJ,CAAC;QAED,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;QACjE,MAAM,CAAC,KAAK,CACV,oDAAoD,0CAA2B,EAAE,CAClF,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,iCAAiC,CAAC,eAAe,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAE9E,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,KAAK,CACV,iEAAiE,EACjE,MAAM,CACP,CAAC;QACF,OAAO,wBAAY,CAAC,IAAI,CAAC;YACvB,MAAM,EAAE,SAAS;YACjB,WAAW,EAAE,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAC1D,IAAI,IAAA,uCAA4B,EAAC,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,CAAC,KAAK,CACV,iEAAiE,EACjE,MAAM,CACP,CAAC;QACF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,wBAAY,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,wEAAwE;IACxE,iEAAiE;IACjE,oDAAoD;IACpD,MAAM,QAAQ,GAAG,IAAI,wBAAY,CAC/B,8CAA8C,0CAA2B,gBAAgB,CAC1F,CAAC;IACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;IACjE,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,uBAAuB,GAAG,CAC9B,YAAoB,EACpB,eAAuB,EACvB,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC,IAAI,CAAC;AAEjD,MAAM,wBAAwB,GAAG,CAC/B,OAAoB,EACpB,MAAkB,EACH,EAAE;IACjB,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,QAAQ,IAAI,GAAG,CAAC;IAEvC,kEAAkE;IAClE,gCAAgC;IAChC,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC1E,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,iFAAiF;IACjF,gFAAgF;IAChF,+EAA+E;IAC/E,+DAA+D;IAC/D,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,MAAM;QAAE,OAAO,uBAAuB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAEnE,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,iBAAiB,GAAG,KAAK,EAAE,GAAW,EAAE,EAAE;IAC9C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;QACnC,IAAA,yBAAc,EAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;IAChE,CAAC;AACH,CAAC,CAAC;AAEK,KAAK,UAAU,YAAY,CAChC,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAElD,qCAAqC;IACrC,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC;IAElD,2CAA2C;IAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAExD,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAEnE,MAAM,aAAa,GAAG,IAAI,GAAG,CAC3B,eAAe,CAAC,iBAAiB,EACjC,SAAS,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,GAAG,CAClC,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAsB,EAAC;QAC7C,QAAQ,EAAE,eAAe,CAAC,QAAQ;QAClC,OAAO;QACP,KAAK;QACL,WAAW,EAAE,aAAa,CAAC,IAAI;QAC/B,WAAW,EAAE,eAAe,CAAC,WAAW;KACzC,CAAC,CAAC;IAEH,OAAO,wBAAY,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;AACpD,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAC9D,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,IAAA,+BAAoB,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAE1D,MAAM,gBAAgB,GAAG,CAAC,CAAC,CAAC,MAAM,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;IAC/D,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC3B,CAAC;IAED,IAAI,QAAQ,CAAC;IAEb,wCAAwC;IACxC,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC7B,sEAAsE;QACtE,0DAA0D;QAC1D,2EAA2E;QAC3E,IAAI,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;YACxE,sBAAsB;YACtB,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAClD,CAAC;QAED,kEAAkE;QAClE,QAAQ,GAAG,gCAAgC,CACzC,OAAO,EACP,eAAe,CAAC,iBAAiB,CAClC,CAAC;QACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;QACjE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,4CAA4C;IAC5C,MAAM,WAAW,GAAG,wBAAwB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAEvE,IAAI,WAAW,IAAI,gBAAgB,EAAE,CAAC;QACpC,6EAA6E;QAC7E,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;YACpD,MAAM,CAAC,KAAK,CACV,iEAAiE,EACjE,WAAW,CACZ,CAAC;YACF,OAAO,wBAAY,CAAC,IAAI,CAAC;gBACvB,MAAM,EAAE,SAAS;gBACjB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;QACL,CAAC;QAED,+BAA+B;QAC/B,QAAQ,GAAG,wBAAY,CAAC,QAAQ,CAAC,GAAG,WAAW,EAAE,CAAC,CAAC;QACnD,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7D,QAAQ,GAAG,gCAAgC,CACzC,OAAO,EACP,eAAe,CAAC,iBAAiB,CAClC,CAAC;QACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;GAWG;AACI,MAAM,OAAO,GAClB,CAAC,UAAU,GAAG,EAAE,EAAE,EAAE,CACpB,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,MAAM,GAAG,IAAA,6BAAiB,EAAC,UAAU,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAC1C,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,MAAM,WAAW,GAAG,YAAY,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAE1D,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,WAAW;gBACd,OAAO,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAChD,KAAK,UAAU;gBACb,OAAO,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC/C,KAAK,SAAS;gBACZ,OAAO,MAAM,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,KAAK,QAAQ;gBACX,OAAO,MAAM,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC7C,KAAK,gBAAgB;gBACnB,OAAO,MAAM,oBAAoB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACrD;gBACE,MAAM,IAAI,SAAS,CAAC,uBAAuB,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAE3C,MAAM,MAAM,GAAG,KAAK,YAAY,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC;QAC/D,MAAM,OAAO,GACX,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;QAEnE,MAAM,QAAQ,GAAG,wBAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAEnE,MAAM,IAAA,6BAAgB,GAAE,CAAC;QACzB,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC,CAAC;AApCS,QAAA,OAAO,WAoChB","sourcesContent":["import {\n TOKEN_EXCHANGE_SUCCESS_TEXT,\n TOKEN_EXCHANGE_TRIGGER_TEXT,\n} from \"@/constants.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n displayModeFromState,\n serverTokenExchangeFromState,\n} from \"@/lib/oauth.js\";\nimport type { AuthConfig } from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { clearAuthCookies, NextjsCookieStorage } from \"@/nextjs/cookies.js\";\nimport { getUser } from \"@/nextjs/index.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { AuthenticationRefresherImpl } from \"@/shared/lib/AuthenticationRefresherImpl.js\";\nimport { CodeVerifier, OAuthTokens } from \"@/shared/lib/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { generateOauthLogoutUrl } from \"@/shared/lib/util.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\nconst getAppUrl = (request: NextRequest): string | null =>\n request.cookies.get(CodeVerifier.APP_URL)?.value ||\n request.nextUrl.searchParams.get(\"appUrl\");\n\nconst getIdToken = async (config: AuthConfig): Promise<string | null> => {\n const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n return cookieStorage.get(OAuthTokens.ID_TOKEN);\n};\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n const appUrl = request.nextUrl.searchParams.get(\"appUrl\");\n if (appUrl) {\n cookieStorage.set(CodeVerifier.APP_URL, appUrl);\n }\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function performTokenExchangeAndSetCookies(\n config: AuthConfig,\n code: string,\n state: string,\n appUrl: string,\n) {\n const resolvedConfigs = resolveAuthConfig(config);\n // TODO This is messy, better would be to fix the config.cookies type to always be <name: settings>\n // rather than nesting the tokens-related ones *and* code-verifier inside \"tokens\"\n // (despite code-verifier not relating directly to tokens)\n const cookieStorage = new NextjsCookieStorage({\n ...resolvedConfigs.cookies.tokens,\n user: resolvedConfigs.cookies.user,\n });\n\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, appUrl);\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser();\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n const userSession = new GenericUserSession(cookieStorage);\n userSession.set(user);\n}\nasync function handleRefresh(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n\n const refresher = await AuthenticationRefresherImpl.build(\n {\n clientId: resolvedConfigs.clientId,\n oauthServer: resolvedConfigs.oauthServer,\n redirectUrl: resolvedConfigs.callbackUrl,\n refreshUrl: resolvedConfigs.refreshUrl,\n },\n cookieStorage,\n );\n const tokens = await refresher.refreshAccessToken();\n\n // this will use the refresh token to get new tokens and, if successful\n // the idToken, accessToken and user cookies will be updated\n // await newRefresher.refreshTokens();\n return NextResponse.json({ status: \"success\", tokens });\n}\n\nconst generateHtmlResponseWithCallback = (\n request: NextRequest,\n callbackUrl: string,\n) => {\n // we need to replace the URL with resolved config in case the server is hosted\n // behind a reverse proxy or load balancer\n const requestUrl = new URL(request.url);\n const fetchUrl = `${callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainCallback=true`;\n return new NextResponse(\n `<html lang=\"en\">\n <body>\n <span style=\"display:none\">\n <script>\n window.onload = function () {\n const appUrl = globalThis.window?.location?.origin;\n fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {\n response.json().then((jsonResponse) => {\n if (jsonResponse.redirectUrl) {\n window.location.href = jsonResponse.redirectUrl;\n }\n });\n });\n };\n </script>\n </span>\n </body>\n </html>\n `,\n );\n};\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n // appUrl is passed from the client to the server in the query string\n // this is necessary because the server does not have access to the client's window.location.origin\n // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)\n const appUrl = getAppUrl(request);\n\n // If we have a code_verifier cookie and the appUrl, we can do a token exchange.\n // Otherwise, just render an empty page.\n // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.\n // The client will make an additional call to this route with cookies included, at which point we do the token exchange.\n const codeVerifier = request.cookies.get(CodeVerifier.COOKIE_NAME);\n\n if (!codeVerifier || !appUrl) {\n logger.debug(\"handleCallback no code_verifier found\", {\n state,\n serverTokenExchange: serverTokenExchangeFromState(`${state}`),\n });\n let response = new NextResponse(\n `<html lang=\"en\"><body><span style=\"display:none\">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`,\n );\n\n // in server-side token exchange mode we need to launch a page that will trigger the token exchange\n // from the same domain, allowing it access to the code_verifier cookie\n // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange\n // if no code-verifier cookie is found\n if (state && serverTokenExchangeFromState(state)) {\n logger.debug(\n \"handleCallback serverTokenExchangeFromState, launching redirect page...\",\n {\n requestUrl: request.url,\n configCallbackUrl: resolvedConfigs.callbackUrl,\n },\n );\n // generate a page that will callback to the same domain, allowing access\n // to the code_verifier cookie and passing the appUrl.\n response = generateHtmlResponseWithCallback(\n request,\n resolvedConfigs.callbackUrl,\n );\n }\n\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n logger.debug(\n `handleCallback no code_verifier found, returning ${TOKEN_EXCHANGE_TRIGGER_TEXT}`,\n );\n return response;\n }\n\n await performTokenExchangeAndSetCookies(resolvedConfigs, code, state, appUrl);\n\n if (request.url.includes(\"sameDomainCallback=true\")) {\n logger.debug(\n \"handleCallback sameDomainCallback = true, returning redirectUrl\",\n appUrl,\n );\n return NextResponse.json({\n status: \"success\",\n redirectUrl: appUrl,\n });\n }\n\n // this is the case where a 'normal' redirect is happening\n if (serverTokenExchangeFromState(state)) {\n logger.debug(\n \"handleCallback serverTokenExchangeFromState, redirect to appUrl\",\n appUrl,\n );\n if (!appUrl) {\n throw new Error(\"appUrl undefined. Cannot redirect.\");\n }\n return NextResponse.redirect(`${appUrl}`);\n }\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(\n `<html lang=\"en\"><span style=\"display:none\">${TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`,\n );\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @param currentBasePath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => new URL(redirectPath, currentBasePath).href;\n\nconst getPostLogoutRedirectUrl = (\n request: NextRequest,\n config: AuthConfig,\n): string | null => {\n const { loginUrl } = resolveAuthConfig(config);\n const redirectTarget = loginUrl ?? \"/\";\n\n // if the optional loginUrl is provided and it is an absolute URL,\n // use it as the redirect target\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n if (isAbsoluteRedirect) {\n return redirectTarget;\n }\n\n // if loginUrl is not defined, the appUrl is passed from the client to the server\n // in the query string or cookies. This is necessary because the server does not\n // have access to the client's window.location and can not accurately determine\n // the appUrl (specially if the app is behind a reverse proxy).\n const appUrl = getAppUrl(request);\n if (appUrl) return getAbsoluteRedirectPath(redirectTarget, appUrl);\n\n return null;\n};\n\nconst revalidateUrlPath = async (url: string) => {\n try {\n const path = new URL(url).pathname;\n revalidatePath(path);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n};\n\nexport async function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n\n // read the id_token from the cookies\n const idToken = await getIdToken(resolvedConfigs);\n\n // read the state from the query parameters\n const state = request.nextUrl.searchParams.get(\"state\");\n\n if (!state || !idToken) throw new AuthError(`Bad parameters`, 400);\n\n const postLogoutUrl = new URL(\n resolvedConfigs.logoutCallbackUrl,\n getAppUrl(request) || request.url,\n );\n const logoutUrl = await generateOauthLogoutUrl({\n clientId: resolvedConfigs.clientId,\n idToken,\n state,\n redirectUrl: postLogoutUrl.href,\n oauthServer: resolvedConfigs.oauthServer,\n });\n\n return NextResponse.redirect(`${logoutUrl.href}`);\n}\n\nexport async function handleLogoutCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const state = request.nextUrl.searchParams.get(\"state\") || \"\";\n if (!state) throw new AuthError(\"Bad parameters\", 400);\n\n const displayMode = displayModeFromState(state, \"iframe\");\n\n const canAccessCookies = !!(await getIdToken(resolvedConfigs));\n if (canAccessCookies) {\n await clearAuthCookies();\n }\n\n let response;\n\n // handle logout for iframe display mode\n if (displayMode === \"iframe\") {\n // try to read the token from cookies. If cookies cant be read/written\n // because the request cames from a cross-origin redirect,\n // we need to show a page that will trigger the logout from the same domain\n if (canAccessCookies || request.url.includes(\"sameDomainCallback=true\")) {\n // just return success\n return NextResponse.json({ status: \"success\" });\n }\n\n // return a page that will trigger the logout from the same domain\n response = generateHtmlResponseWithCallback(\n request,\n resolvedConfigs.logoutCallbackUrl,\n );\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n }\n\n // handle logout for non-iframe display mode\n const redirectUrl = getPostLogoutRedirectUrl(request, resolvedConfigs);\n\n if (redirectUrl && canAccessCookies) {\n // this is comming from the fetch from the HTML page returned by this handler\n if (request.url.includes(\"sameDomainCallback=true\")) {\n logger.debug(\n \"handleCallback sameDomainCallback = true, returning redirectUrl\",\n redirectUrl,\n );\n return NextResponse.json({\n status: \"success\",\n redirectUrl: redirectUrl,\n });\n }\n\n // just redirect to the app url\n response = NextResponse.redirect(`${redirectUrl}`);\n revalidateUrlPath(redirectUrl);\n } else {\n logger.debug(\"handleLogout no redirectUrl found\", { state });\n response = generateHtmlResponseWithCallback(\n request,\n resolvedConfigs.logoutCallbackUrl,\n );\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge(request, config);\n case \"callback\":\n return await handleCallback(request, config);\n case \"refresh\":\n return await handleRefresh(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n case \"logoutcallback\":\n return await handleLogoutCallback(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n await clearAuthCookies();\n return response;\n }\n };\n"]}
package/dist/cjs/shared/index.d.ts CHANGED
@@ -2,4 +2,5 @@ import { VERSION } from "./version.js";
2
2
  export { VERSION };
3
3
  export declare const getVersion: () => string;
4
4
  export declare const printVersion: () => void;
5
+ export { BrowserCookieStorage } from "../shared/lib/BrowserCookieStorage.js";
5
6
  //# sourceMappingURL=index.d.ts.map
package/dist/cjs/shared/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/shared/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,CAAC;AAEnB,eAAO,MAAM,UAAU,cAAgB,CAAC;AAExC,eAAO,MAAM,YAAY,YAWxB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/shared/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,CAAC;AAEnB,eAAO,MAAM,UAAU,cAAgB,CAAC;AAExC,eAAO,MAAM,YAAY,YAWxB,CAAC;AACF,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC"}
package/dist/cjs/shared/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.printVersion = exports.getVersion = exports.VERSION = void 0;
3
+ exports.BrowserCookieStorage = exports.printVersion = exports.getVersion = exports.VERSION = void 0;
4
4
  const version_js_1 = require("./version.js");
5
5
  Object.defineProperty(exports, "VERSION", { enumerable: true, get: function () { return version_js_1.VERSION; } });
6
6
  let versionPrinted = false;
@@ -18,4 +18,6 @@ const printVersion = () => {
18
18
  }
19
19
  };
20
20
  exports.printVersion = printVersion;
21
+ var BrowserCookieStorage_js_1 = require("../shared/lib/BrowserCookieStorage.js");
22
+ Object.defineProperty(exports, "BrowserCookieStorage", { enumerable: true, get: function () { return BrowserCookieStorage_js_1.BrowserCookieStorage; } });
21
23
  //# sourceMappingURL=index.js.map
package/dist/cjs/shared/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/shared/index.ts"],"names":[],"mappings":";;;AAAA,6CAAuC;AAC9B,wFADA,oBAAO,OACA;AAChB,IAAI,cAAc,GAAG,KAAK,CAAC;AACpB,MAAM,UAAU,GAAG,GAAG,EAAE,CAAC,oBAAO,CAAC;AAA3B,QAAA,UAAU,cAAiB;AACxC,mCAAmC;AAC5B,MAAM,YAAY,GAAG,GAAG,EAAE;IAC/B,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,IAAI,CAAC;QACtB,IACE,IAAA,kBAAU,GAAE;YACZ,OAAO,MAAM,KAAK,WAAW;YAC7B,OAAO,QAAQ,KAAK,WAAW,EAC/B,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,IAAA,kBAAU,GAAE,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AAXW,QAAA,YAAY,gBAWvB","sourcesContent":["import { VERSION } from \"./version.js\";\nexport { VERSION };\nlet versionPrinted = false;\nexport const getVersion = () => VERSION;\n// print the version to the browser\nexport const printVersion = () => {\n if (!versionPrinted) {\n versionPrinted = true;\n if (\n getVersion() &&\n typeof window !== \"undefined\" &&\n typeof document !== \"undefined\"\n ) {\n console.log(getVersion());\n }\n }\n};\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/shared/index.ts"],"names":[],"mappings":";;;AAAA,6CAAuC;AAC9B,wFADA,oBAAO,OACA;AAChB,IAAI,cAAc,GAAG,KAAK,CAAC;AACpB,MAAM,UAAU,GAAG,GAAG,EAAE,CAAC,oBAAO,CAAC;AAA3B,QAAA,UAAU,cAAiB;AACxC,mCAAmC;AAC5B,MAAM,YAAY,GAAG,GAAG,EAAE;IAC/B,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,IAAI,CAAC;QACtB,IACE,IAAA,kBAAU,GAAE;YACZ,OAAO,MAAM,KAAK,WAAW;YAC7B,OAAO,QAAQ,KAAK,WAAW,EAC/B,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,IAAA,kBAAU,GAAE,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;AACH,CAAC,CAAC;AAXW,QAAA,YAAY,gBAWvB;AACF,gFAA4E;AAAnE,+HAAA,oBAAoB,OAAA","sourcesContent":["import { VERSION } from \"./version.js\";\nexport { VERSION };\nlet versionPrinted = false;\nexport const getVersion = () => VERSION;\n// print the version to the browser\nexport const printVersion = () => {\n if (!versionPrinted) {\n versionPrinted = true;\n if (\n getVersion() &&\n typeof window !== \"undefined\" &&\n typeof document !== \"undefined\"\n ) {\n console.log(getVersion());\n }\n }\n};\nexport { BrowserCookieStorage } from \"@/shared/lib/BrowserCookieStorage.js\";\n"]}
package/dist/cjs/shared/lib/BrowserCookieStorage.d.ts ADDED
@@ -0,0 +1,7 @@
1
+ import { CookieStorage, type CookieStorageSettings } from "../../shared/lib/storage.js";
2
+ export declare class BrowserCookieStorage extends CookieStorage {
3
+ constructor(config?: Partial<CookieStorageSettings>);
4
+ get(key: string): Promise<string | null>;
5
+ set(key: string, value: string): Promise<void>;
6
+ }
7
+ //# sourceMappingURL=BrowserCookieStorage.d.ts.map
package/dist/cjs/shared/lib/BrowserCookieStorage.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"BrowserCookieStorage.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserCookieStorage.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,KAAK,qBAAqB,EAC3B,MAAM,yBAAyB,CAAC;AAWjC,qBAAa,oBAAqB,SAAQ,aAAa;gBACzC,MAAM,GAAE,OAAO,CAAC,qBAAqB,CAAM;IASjD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAaxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CA0BrD"}
package/dist/cjs/shared/lib/BrowserCookieStorage.js ADDED
@@ -0,0 +1,55 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.BrowserCookieStorage = void 0;
4
+ const storage_js_1 = require("../../shared/lib/storage.js");
5
+ // Ensure only runs in a browser environment
6
+ function documentObj() {
7
+ if (typeof globalThis.window !== "undefined")
8
+ return globalThis.document;
9
+ const stack = new Error().stack;
10
+ throw new Error("Document is not available in this environment:" + JSON.stringify(stack));
11
+ }
12
+ class BrowserCookieStorage extends storage_js_1.CookieStorage {
13
+ constructor(config = {}) {
14
+ super({
15
+ // sensible browser defaults
16
+ secure: false,
17
+ httpOnly: false,
18
+ ...config,
19
+ });
20
+ }
21
+ async get(key) {
22
+ return (documentObj()
23
+ .cookie.split(";")
24
+ .find((cookie) => {
25
+ const [cookieKey, cookieValue] = cookie.split("=");
26
+ if (cookieKey?.trim() === key) {
27
+ return cookieValue ? decodeURIComponent(cookieValue) : null;
28
+ }
29
+ }) ?? null);
30
+ }
31
+ async set(key, value) {
32
+ const encodedValue = encodeURIComponent(value);
33
+ const settings = this.settings;
34
+ let cookieSettings = "";
35
+ if (settings.path) {
36
+ cookieSettings += `Path=${settings.path}; `;
37
+ }
38
+ if (settings.expires) {
39
+ cookieSettings += `Expires=${settings.expires}; `;
40
+ }
41
+ if (settings.secure) {
42
+ cookieSettings += `Secure; `;
43
+ }
44
+ if (settings.httpOnly) {
45
+ // HttpOnly cannot be set from client-side JavaScript, so this clause can be omitted.
46
+ console.warn("HttpOnly cannot be set on client-side cookies. Ignoring this setting.");
47
+ }
48
+ if (settings.sameSite) {
49
+ cookieSettings += `SameSite=${settings.sameSite}; `;
50
+ }
51
+ documentObj().cookie = `${key}=${encodedValue}; ${cookieSettings.trim()}`;
52
+ }
53
+ }
54
+ exports.BrowserCookieStorage = BrowserCookieStorage;
55
+ //# sourceMappingURL=BrowserCookieStorage.js.map
package/dist/cjs/shared/lib/BrowserCookieStorage.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"BrowserCookieStorage.js","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserCookieStorage.ts"],"names":[],"mappings":";;;AAAA,wDAGiC;AAEjC,4CAA4C;AAC5C,SAAS,WAAW;IAClB,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW;QAAE,OAAO,UAAU,CAAC,QAAQ,CAAC;IACzE,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC,KAAK,CAAC;IAChC,MAAM,IAAI,KAAK,CACb,gDAAgD,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CACzE,CAAC;AACJ,CAAC;AAED,MAAa,oBAAqB,SAAQ,0BAAa;IACrD,YAAY,SAAyC,EAAE;QACrD,KAAK,CAAC;YACJ,4BAA4B;YAC5B,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,KAAK;YACf,GAAG,MAAM;SACV,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,OAAO,CACL,WAAW,EAAE;aACV,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC;aACjB,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,SAAS,EAAE,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBAC9B,OAAO,WAAW,CAAC,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAC9D,CAAC;QACH,CAAC,CAAC,IAAI,IAAI,CACb,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAClC,MAAM,YAAY,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,IAAI,cAAc,GAAG,EAAE,CAAC;QAExB,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClB,cAAc,IAAI,QAAQ,QAAQ,CAAC,IAAI,IAAI,CAAC;QAC9C,CAAC;QACD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,cAAc,IAAI,WAAW,QAAQ,CAAC,OAAO,IAAI,CAAC;QACpD,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpB,cAAc,IAAI,UAAU,CAAC;QAC/B,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,qFAAqF;YACrF,OAAO,CAAC,IAAI,CACV,uEAAuE,CACxE,CAAC;QACJ,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,cAAc,IAAI,YAAY,QAAQ,CAAC,QAAQ,IAAI,CAAC;QACtD,CAAC;QAED,WAAW,EAAE,CAAC,MAAM,GAAG,GAAG,GAAG,IAAI,YAAY,KAAK,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC;IAC5E,CAAC;CACF;AAjDD,oDAiDC","sourcesContent":["import {\n CookieStorage,\n type CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\n\n// Ensure only runs in a browser environment\nfunction documentObj() {\n if (typeof globalThis.window !== \"undefined\") return globalThis.document;\n const stack = new Error().stack;\n throw new Error(\n \"Document is not available in this environment:\" + JSON.stringify(stack),\n );\n}\n\nexport class BrowserCookieStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n // sensible browser defaults\n secure: false,\n httpOnly: false,\n ...config,\n });\n }\n\n async get(key: string): Promise<string | null> {\n return (\n documentObj()\n .cookie.split(\";\")\n .find((cookie) => {\n const [cookieKey, cookieValue] = cookie.split(\"=\");\n if (cookieKey?.trim() === key) {\n return cookieValue ? decodeURIComponent(cookieValue) : null;\n }\n }) ?? null\n );\n }\n\n async set(key: string, value: string): Promise<void> {\n const encodedValue = encodeURIComponent(value);\n const settings = this.settings;\n let cookieSettings = \"\";\n\n if (settings.path) {\n cookieSettings += `Path=${settings.path}; `;\n }\n if (settings.expires) {\n cookieSettings += `Expires=${settings.expires}; `;\n }\n if (settings.secure) {\n cookieSettings += `Secure; `;\n }\n if (settings.httpOnly) {\n // HttpOnly cannot be set from client-side JavaScript, so this clause can be omitted.\n console.warn(\n \"HttpOnly cannot be set on client-side cookies. Ignoring this setting.\",\n );\n }\n if (settings.sameSite) {\n cookieSettings += `SameSite=${settings.sameSite}; `;\n }\n\n documentObj().cookie = `${key}=${encodedValue}; ${cookieSettings.trim()}`;\n }\n}\n"]}
package/dist/cjs/shared/version.d.ts CHANGED
@@ -1,2 +1,2 @@
1
- export declare const VERSION = "@civic/auth:0.2.4";
1
+ export declare const VERSION = "@civic/auth:0.2.5-alpha.1";
2
2
  //# sourceMappingURL=version.d.ts.map
package/dist/cjs/shared/version.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,sBAAsB,CAAC"}
1
+ {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,OAAO,8BAA8B,CAAC"}
package/dist/cjs/shared/version.js CHANGED
@@ -2,5 +2,5 @@
2
2
  // This is an auto-generated file. Do not edit.
3
3
  Object.defineProperty(exports, "__esModule", { value: true });
4
4
  exports.VERSION = void 0;
5
- exports.VERSION = "@civic/auth:0.2.4";
5
+ exports.VERSION = "@civic/auth:0.2.5-alpha.1";
6
6
  //# sourceMappingURL=version.js.map
package/dist/cjs/shared/version.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":";AAAA,+CAA+C;;;AAElC,QAAA,OAAO,GAAG,mBAAmB,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.2.4\";\n"]}
1
+ {"version":3,"file":"version.js","sourceRoot":"","sources":["../../../src/shared/version.ts"],"names":[],"mappings":";AAAA,+CAA+C;;;AAElC,QAAA,OAAO,GAAG,2BAA2B,CAAC","sourcesContent":["// This is an auto-generated file. Do not edit.\n\nexport const VERSION = \"@civic/auth:0.2.5-alpha.1\";\n"]}
package/dist/esm/nextjs/config.d.ts CHANGED
@@ -17,13 +17,21 @@ export type AuthConfigWithDefaults = {
17
17
  exclude: string[];
18
18
  cookies: CookiesConfigObject;
19
19
  };
20
- export type AuthConfig = Partial<AuthConfigWithDefaults & {
21
- cookies: {
22
- tokens: Partial<TokensCookieConfig>;
23
- user: CookieConfig;
20
+ /**
21
+ * All possible config values for Civic Auth
22
+ */
23
+ export type OptionalAuthConfig = Partial<AuthConfigWithDefaults | {
24
+ cookies?: {
25
+ tokens?: Partial<TokensCookieConfig>;
26
+ user?: CookieConfig;
24
27
  };
25
28
  }>;
26
- export type DefinedAuthConfig = AuthConfigWithDefaults;
29
+ /**
30
+ * Configuration values that are required for Civic Auth to work.
31
+ */
32
+ export type AuthConfig = OptionalAuthConfig & {
33
+ clientId: string;
34
+ };
27
35
  /**
28
36
  * Default configuration values that will be used if not overridden
29
37
  */
@@ -48,13 +56,23 @@ export declare const defaultAuthConfig: Omit<AuthConfigWithDefaults, "clientId">
48
56
  * })
49
57
  * ```
50
58
  */
51
- export declare const resolveAuthConfig: (config?: AuthConfig) => AuthConfigWithDefaults;
59
+ export declare const resolveAuthConfig: (config?: Partial<AuthConfig>) => AuthConfigWithDefaults;
52
60
  /**
53
61
  * Creates a Next.js plugin that handles auth configuration.
54
62
  *
55
63
  * This is the main configuration point for the auth system.
56
64
  * Do not set _civic_auth_* environment variables directly - instead,
57
- * pass your configuration here:
65
+ * pass your configuration here.
66
+ *
67
+ * The only required field is clientId.
68
+ *
69
+ * @example
70
+ * ```js
71
+ * // next.config.js
72
+ * export default createCivicAuthPlugin({
73
+ * clientId: 'my-client-id',
74
+ * });
75
+ * ```
58
76
  *
59
77
  * @example
60
78
  * ```js
@@ -73,7 +91,7 @@ export declare const resolveAuthConfig: (config?: AuthConfig) => AuthConfigWithD
73
91
  * The plugin sets internal environment variables that are used by
74
92
  * the auth system. These variables should not be set manually.
75
93
  */
76
- export declare const createCivicAuthPlugin: (authConfig: AuthConfig & Pick<Required<AuthConfig>, "clientId">) => (nextConfig?: NextConfig) => {
94
+ export declare const createCivicAuthPlugin: (authConfig: AuthConfig) => (nextConfig?: NextConfig) => {
77
95
  env: {
78
96
  _civic_auth_client_id: string;
79
97
  _civic_oauth_server: string;
package/dist/esm/nextjs/config.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EAEL,KAAK,YAAY,EAEjB,KAAK,kBAAkB,EACxB,MAAM,uBAAuB,CAAC;AAM/B,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,kBAAkB,CAAC;IAC3B,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG,OAAO,CAC9B,sBAAsB,GAAG;IACvB,OAAO,EAAE;QACP,MAAM,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACpC,IAAI,EAAE,YAAY,CAAC;KACpB,CAAC;CACH,CACF,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AAGvD;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,sBAAsB,EAAE,UAAU,CA+DtE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,iBAAiB,YACpB,UAAU,KACjB,sBAoCF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,qBAAqB,eACpB,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,mBAE1C,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAyBi0a,CAAC;6BAAsG,CAAC;;;sBAAke,CAAC;yBAA4H,CAAC;;;qBAA+H,CAAC;;;;;;;;;;;;;;;;;;iBAA8pE,CAAC;;;;;;;6BAAg6C,CAAC;sBAAoC,CAAC;;aAAoC,CAAC;;6BAA0D,CAAC;oBAA8B,CAAC;0BAAkE,CAAC;;qBAA2C,CAAC;mBAAiC,CAAC;;wBAA+C,CAAC;eAAmD,CAAC;iBAA4C,CAAC;2BAAyC,CAAC;;;;;;;;;yBAA4zC,CAAC;6BAAwC,CAAC;;;eAAkD,CAAC;mBAAuB,CAAC;;;;CAD1onB,CAAC"}
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EAEL,KAAK,YAAY,EAEjB,KAAK,kBAAkB,EACxB,MAAM,uBAAuB,CAAC;AAM/B,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,kBAAkB,CAAC;IAC3B,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;CAC9B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,OAAO,CACpC,sBAAsB,GACtB;IACE,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,YAAY,CAAC;KACrB,CAAC;CACH,CACJ,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,kBAAkB,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAKnE;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,sBAAsB,EAAE,UAAU,CAsEtE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,iBAAiB,YACpB,OAAO,CAAC,UAAU,CAAC,KAC1B,sBAoCF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,eAAO,MAAM,qBAAqB,eAAgB,UAAU,mBACrC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAyB6tZ,CAAC;6BAAsG,CAAC;;;sBAAke,CAAC;yBAA4H,CAAC;;;qBAA+H,CAAC;;;;;;;;;;;;;;;;;;iBAA8pE,CAAC;;;;;;;6BAAg6C,CAAC;sBAAoC,CAAC;;aAAoC,CAAC;;6BAA0D,CAAC;oBAA8B,CAAC;0BAAkE,CAAC;;qBAA2C,CAAC;mBAAiC,CAAC;;wBAA+C,CAAC;eAAmD,CAAC;iBAA4C,CAAC;2BAAyC,CAAC;;;;;;;;;yBAA4zC,CAAC;6BAAwC,CAAC;;;eAAkD,CAAC;mBAAuB,CAAC;;;;CADtimB,CAAC"}
package/dist/esm/nextjs/config.js CHANGED
@@ -5,6 +5,7 @@ import { DEFAULT_AUTH_SERVER } from "../constants.js";
5
5
  import { merge } from "ts-deepmerge";
6
6
  const logger = loggers.nextjs.handlers.auth;
7
7
  const defaultServerSecure = !(process.env.NODE_ENV === "development");
8
+ const defaultCookiesMaxAge = 60 * 60; // 1 hour
8
9
  /**
9
10
  * Default configuration values that will be used if not overridden
10
11
  */
@@ -25,42 +26,49 @@ export const defaultAuthConfig = {
25
26
  httpOnly: true,
26
27
  sameSite: "strict",
27
28
  path: "/",
29
+ maxAge: defaultCookiesMaxAge,
28
30
  },
29
31
  [OAuthTokens.ACCESS_TOKEN]: {
30
32
  secure: defaultServerSecure,
31
33
  httpOnly: true,
32
34
  sameSite: "strict",
33
35
  path: "/",
36
+ maxAge: defaultCookiesMaxAge,
34
37
  },
35
38
  [OAuthTokens.REFRESH_TOKEN]: {
36
39
  secure: defaultServerSecure,
37
40
  httpOnly: true,
38
41
  sameSite: "strict",
39
42
  path: "/",
43
+ maxAge: defaultCookiesMaxAge,
40
44
  },
41
45
  [OAuthTokens.EXPIRES_IN]: {
42
46
  secure: defaultServerSecure,
43
47
  httpOnly: false, // we need this to be available client-side
44
48
  sameSite: "strict",
45
49
  path: "/",
50
+ maxAge: defaultCookiesMaxAge,
46
51
  },
47
52
  [OAuthTokens.TIMESTAMP]: {
48
53
  secure: defaultServerSecure,
49
54
  httpOnly: false, // we need this to be available client-side
50
55
  sameSite: "strict",
51
56
  path: "/",
57
+ maxAge: defaultCookiesMaxAge,
52
58
  },
53
59
  [CodeVerifier.COOKIE_NAME]: {
54
60
  secure: defaultServerSecure,
55
61
  httpOnly: true,
56
62
  sameSite: "strict",
57
63
  path: "/",
64
+ maxAge: defaultCookiesMaxAge,
58
65
  },
59
66
  [CodeVerifier.APP_URL]: {
60
67
  secure: defaultServerSecure,
61
68
  httpOnly: true,
62
69
  sameSite: "strict",
63
70
  path: "/",
71
+ maxAge: defaultCookiesMaxAge,
64
72
  },
65
73
  },
66
74
  user: {
@@ -68,7 +76,7 @@ export const defaultAuthConfig = {
68
76
  httpOnly: false, // we need this to be available client-side
69
77
  sameSite: "strict",
70
78
  path: "/",
71
- maxAge: 60 * 60, // 1 hour
79
+ maxAge: defaultCookiesMaxAge,
72
80
  },
73
81
  },
74
82
  };
@@ -122,7 +130,17 @@ export const resolveAuthConfig = (config = {}) => {
122
130
  *
123
131
  * This is the main configuration point for the auth system.
124
132
  * Do not set _civic_auth_* environment variables directly - instead,
125
- * pass your configuration here:
133
+ * pass your configuration here.
134
+ *
135
+ * The only required field is clientId.
136
+ *
137
+ * @example
138
+ * ```js
139
+ * // next.config.js
140
+ * export default createCivicAuthPlugin({
141
+ * clientId: 'my-client-id',
142
+ * });
143
+ * ```
126
144
  *
127
145
  * @example
128
146
  * ```js
@@ -144,7 +162,7 @@ export const resolveAuthConfig = (config = {}) => {
144
162
  export const createCivicAuthPlugin = (authConfig) => {
145
163
  return (nextConfig) => {
146
164
  logger.debug("createCivicAuthPlugin nextConfig", JSON.stringify(nextConfig, null, 2));
147
- const resolvedConfig = resolveAuthConfig({ ...authConfig });
165
+ const resolvedConfig = resolveAuthConfig(authConfig);
148
166
  return {
149
167
  ...nextConfig,
150
168
  env: {
package/dist/esm/nextjs/config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,YAAY,EAEZ,WAAW,GAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AAErC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAgC5C,MAAM,mBAAmB,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC;AACtE;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,oBAAoB;IACjC,YAAY,EAAE,qBAAqB;IACnC,UAAU,EAAE,mBAAmB;IAC/B,SAAS,EAAE,kBAAkB;IAC7B,iBAAiB,EAAE,0BAA0B;IAC7C,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,CAAC,IAAI,CAAC;IACf,OAAO,EAAE,EAAE;IACX,OAAO,EAAE;QACP,MAAM,EAAE;YACN,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE;gBAC3B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;gBACxB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,KAAK,EAAE,2CAA2C;gBAC5D,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;gBACvB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,KAAK,EAAE,2CAA2C;gBAC5D,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;SACF;QACD,IAAI,EAAE;YACJ,MAAM,EAAE,mBAAmB;YAC3B,QAAQ,EAAE,KAAK,EAAE,2CAA2C;YAC5D,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,SAAS;SAC3B;KACF;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAAqB,EAAE,EACC,EAAE;IAC1B,0EAA0E;IAC1E,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B;QAC9D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACnD,CAAC,CAAC,SAAS;KACd,CAAe,CAAC;IAEjB,6CAA6C;IAC7C,MAAM,YAAY,GAAG,KAAK,CAAC,WAAW,CACpC,EAAE,WAAW,EAAE,KAAK,EAAE,EACtB,iBAAiB,EACjB,aAAa,EACb,MAAM,CACP,CAAC;IAEF,MAAM,CAAC,KAAK,CACV,0BAA0B,EAC1B,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CACvC,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAExE,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,UAA+D,EAC/D,EAAE;IACF,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QACF,MAAM,cAAc,GAAG,iBAAiB,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;QAC5D,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,+BAA+B,EAAE,cAAc,CAAC,iBAAiB;gBACjE,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;aAClE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars */\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n CodeVerifier,\n type CookieConfig,\n OAuthTokens,\n type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { merge } from \"ts-deepmerge\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type CookiesConfigObject = {\n tokens: TokensCookieConfig;\n user: CookieConfig;\n};\n\nexport type AuthConfigWithDefaults = {\n clientId: string;\n oauthServer: string;\n callbackUrl: string;\n loginUrl: string;\n logoutUrl: string;\n logoutCallbackUrl: string;\n challengeUrl: string;\n refreshUrl: string;\n include: string[];\n exclude: string[];\n cookies: CookiesConfigObject;\n};\n\nexport type AuthConfig = Partial<\n AuthConfigWithDefaults & {\n cookies: {\n tokens: Partial<TokensCookieConfig>;\n user: CookieConfig;\n };\n }\n>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\nconst defaultServerSecure = !(process.env.NODE_ENV === \"development\");\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n oauthServer: DEFAULT_AUTH_SERVER,\n callbackUrl: \"/api/auth/callback\",\n challengeUrl: \"/api/auth/challenge\",\n refreshUrl: \"/api/auth/refresh\",\n logoutUrl: \"/api/auth/logout\",\n logoutCallbackUrl: \"/api/auth/logoutcallback\",\n loginUrl: \"/\",\n include: [\"/*\"],\n exclude: [],\n cookies: {\n tokens: {\n [OAuthTokens.ID_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.ACCESS_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.REFRESH_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.EXPIRES_IN]: {\n secure: defaultServerSecure,\n httpOnly: false, // we need this to be available client-side\n sameSite: \"strict\",\n path: \"/\",\n },\n [OAuthTokens.TIMESTAMP]: {\n secure: defaultServerSecure,\n httpOnly: false, // we need this to be available client-side\n sameSite: \"strict\",\n path: \"/\",\n },\n [CodeVerifier.COOKIE_NAME]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n [CodeVerifier.APP_URL]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n },\n },\n user: {\n secure: defaultServerSecure,\n httpOnly: false, // we need this to be available client-side\n sameSite: \"strict\",\n path: \"/\",\n maxAge: 60 * 60, // 1 hour\n },\n },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Config will be merged deeply, with arrays not merged, so that the\n * default include list (for example) [\"/*\"] will not be added\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n config: AuthConfig = {},\n): AuthConfigWithDefaults => {\n // Read configuration that was set by the plugin via environment variables\n const configFromEnv = withoutUndefined({\n clientId: process.env._civic_auth_client_id,\n oauthServer: process.env._civic_oauth_server,\n callbackUrl: process.env._civic_auth_callback_url,\n challengeUrl: process.env._civic_auth_challenge_url,\n loginUrl: process.env._civic_auth_login_url,\n logoutUrl: process.env._civic_auth_logout_url,\n logoutCallbackUrl: process.env._civic_auth_logout_callback_url,\n include: process.env._civic_auth_includes?.split(\",\"),\n exclude: process.env._civic_auth_excludes?.split(\",\"),\n cookies: process.env._civic_auth_cookie_config\n ? JSON.parse(process.env._civic_auth_cookie_config)\n : undefined,\n }) as AuthConfig;\n\n // Perform a deep merge of the configurations\n const mergedConfig = merge.withOptions(\n { mergeArrays: false },\n defaultAuthConfig,\n configFromEnv,\n config,\n );\n\n logger.debug(\n \"Config from environment:\",\n JSON.stringify(configFromEnv, null, 2),\n );\n logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n\n if (mergedConfig.clientId === undefined) {\n throw new Error(\"Civic Auth client ID is required\");\n }\n\n return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * callbackUrl: '/custom/callback',\n * loginUrl: '/custom/login',\n * logoutUrl: '/custom/logout',\n * logoutCallbackUrl: '/custom/logoutcallback',\n * include: ['/protected/*'],\n * exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n authConfig: AuthConfig & Pick<Required<AuthConfig>, \"clientId\">,\n) => {\n return (nextConfig?: NextConfig) => {\n logger.debug(\n \"createCivicAuthPlugin nextConfig\",\n JSON.stringify(nextConfig, null, 2),\n );\n const resolvedConfig = resolveAuthConfig({ ...authConfig });\n return {\n ...nextConfig,\n env: {\n ...nextConfig?.env,\n // Internal environment variables - do not set these manually\n _civic_auth_client_id: resolvedConfig.clientId,\n _civic_oauth_server: resolvedConfig.oauthServer,\n _civic_auth_callback_url: resolvedConfig.callbackUrl,\n _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n _civic_auth_login_url: resolvedConfig.loginUrl,\n _civic_auth_logout_url: resolvedConfig.logoutUrl,\n _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,\n _civic_auth_includes: resolvedConfig.include.join(\",\"),\n _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n },\n };\n };\n};\n"]}
1
+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,YAAY,EAEZ,WAAW,GAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AAErC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAuC5C,MAAM,mBAAmB,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC;AACtE,MAAM,oBAAoB,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,SAAS;AAE/C;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,oBAAoB;IACjC,YAAY,EAAE,qBAAqB;IACnC,UAAU,EAAE,mBAAmB;IAC/B,SAAS,EAAE,kBAAkB;IAC7B,iBAAiB,EAAE,0BAA0B;IAC7C,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,CAAC,IAAI,CAAC;IACf,OAAO,EAAE,EAAE;IACX,OAAO,EAAE;QACP,MAAM,EAAE;YACN,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;gBACT,MAAM,EAAE,oBAAoB;aAC7B;YACD,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;gBACT,MAAM,EAAE,oBAAoB;aAC7B;YACD,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE;gBAC3B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;gBACT,MAAM,EAAE,oBAAoB;aAC7B;YACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;gBACxB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,KAAK,EAAE,2CAA2C;gBAC5D,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;gBACT,MAAM,EAAE,oBAAoB;aAC7B;YACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;gBACvB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,KAAK,EAAE,2CAA2C;gBAC5D,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;gBACT,MAAM,EAAE,oBAAoB;aAC7B;YACD,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;gBACT,MAAM,EAAE,oBAAoB;aAC7B;YACD,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;gBACT,MAAM,EAAE,oBAAoB;aAC7B;SACF;QACD,IAAI,EAAE;YACJ,MAAM,EAAE,mBAAmB;YAC3B,QAAQ,EAAE,KAAK,EAAE,2CAA2C;YAC5D,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,oBAAoB;SAC7B;KACF;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAA8B,EAAE,EACR,EAAE;IAC1B,0EAA0E;IAC1E,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B;QAC9D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACnD,CAAC,CAAC,SAAS;KACd,CAAe,CAAC;IAEjB,6CAA6C;IAC7C,MAAM,YAAY,GAAG,KAAK,CAAC,WAAW,CACpC,EAAE,WAAW,EAAE,KAAK,EAAE,EACtB,iBAAiB,EACjB,aAAa,EACb,MAAM,CACP,CAAC;IAEF,MAAM,CAAC,KAAK,CACV,0BAA0B,EAC1B,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CACvC,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAExE,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,UAAsB,EAAE,EAAE;IAC9D,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QACF,MAAM,cAAc,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACrD,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,+BAA+B,EAAE,cAAc,CAAC,iBAAiB;gBACjE,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;aAClE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars */\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n CodeVerifier,\n type CookieConfig,\n OAuthTokens,\n type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { merge } from \"ts-deepmerge\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type CookiesConfigObject = {\n tokens: TokensCookieConfig;\n user: CookieConfig;\n};\n\nexport type AuthConfigWithDefaults = {\n clientId: string;\n oauthServer: string;\n callbackUrl: string;\n loginUrl: string;\n logoutUrl: string;\n logoutCallbackUrl: string;\n challengeUrl: string;\n refreshUrl: string;\n include: string[];\n exclude: string[];\n cookies: CookiesConfigObject;\n};\n\n/**\n * All possible config values for Civic Auth\n */\nexport type OptionalAuthConfig = Partial<\n | AuthConfigWithDefaults\n | {\n cookies?: {\n tokens?: Partial<TokensCookieConfig>;\n user?: CookieConfig;\n };\n }\n>;\n\n/**\n * Configuration values that are required for Civic Auth to work.\n */\nexport type AuthConfig = OptionalAuthConfig & { clientId: string };\n\nconst defaultServerSecure = !(process.env.NODE_ENV === \"development\");\nconst defaultCookiesMaxAge = 60 * 60; // 1 hour\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n oauthServer: DEFAULT_AUTH_SERVER,\n callbackUrl: \"/api/auth/callback\",\n challengeUrl: \"/api/auth/challenge\",\n refreshUrl: \"/api/auth/refresh\",\n logoutUrl: \"/api/auth/logout\",\n logoutCallbackUrl: \"/api/auth/logoutcallback\",\n loginUrl: \"/\",\n include: [\"/*\"],\n exclude: [],\n cookies: {\n tokens: {\n [OAuthTokens.ID_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n maxAge: defaultCookiesMaxAge,\n },\n [OAuthTokens.ACCESS_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n maxAge: defaultCookiesMaxAge,\n },\n [OAuthTokens.REFRESH_TOKEN]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n maxAge: defaultCookiesMaxAge,\n },\n [OAuthTokens.EXPIRES_IN]: {\n secure: defaultServerSecure,\n httpOnly: false, // we need this to be available client-side\n sameSite: \"strict\",\n path: \"/\",\n maxAge: defaultCookiesMaxAge,\n },\n [OAuthTokens.TIMESTAMP]: {\n secure: defaultServerSecure,\n httpOnly: false, // we need this to be available client-side\n sameSite: \"strict\",\n path: \"/\",\n maxAge: defaultCookiesMaxAge,\n },\n [CodeVerifier.COOKIE_NAME]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n maxAge: defaultCookiesMaxAge,\n },\n [CodeVerifier.APP_URL]: {\n secure: defaultServerSecure,\n httpOnly: true,\n sameSite: \"strict\",\n path: \"/\",\n maxAge: defaultCookiesMaxAge,\n },\n },\n user: {\n secure: defaultServerSecure,\n httpOnly: false, // we need this to be available client-side\n sameSite: \"strict\",\n path: \"/\",\n maxAge: defaultCookiesMaxAge,\n },\n },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Config will be merged deeply, with arrays not merged, so that the\n * default include list (for example) [\"/*\"] will not be added\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n config: Partial<AuthConfig> = {},\n): AuthConfigWithDefaults => {\n // Read configuration that was set by the plugin via environment variables\n const configFromEnv = withoutUndefined({\n clientId: process.env._civic_auth_client_id,\n oauthServer: process.env._civic_oauth_server,\n callbackUrl: process.env._civic_auth_callback_url,\n challengeUrl: process.env._civic_auth_challenge_url,\n loginUrl: process.env._civic_auth_login_url,\n logoutUrl: process.env._civic_auth_logout_url,\n logoutCallbackUrl: process.env._civic_auth_logout_callback_url,\n include: process.env._civic_auth_includes?.split(\",\"),\n exclude: process.env._civic_auth_excludes?.split(\",\"),\n cookies: process.env._civic_auth_cookie_config\n ? JSON.parse(process.env._civic_auth_cookie_config)\n : undefined,\n }) as AuthConfig;\n\n // Perform a deep merge of the configurations\n const mergedConfig = merge.withOptions(\n { mergeArrays: false },\n defaultAuthConfig,\n configFromEnv,\n config,\n );\n\n logger.debug(\n \"Config from environment:\",\n JSON.stringify(configFromEnv, null, 2),\n );\n logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n\n if (mergedConfig.clientId === undefined) {\n throw new Error(\"Civic Auth client ID is required\");\n }\n\n return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here.\n *\n * The only required field is clientId.\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * });\n * ```\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * callbackUrl: '/custom/callback',\n * loginUrl: '/custom/login',\n * logoutUrl: '/custom/logout',\n * logoutCallbackUrl: '/custom/logoutcallback',\n * include: ['/protected/*'],\n * exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (authConfig: AuthConfig) => {\n return (nextConfig?: NextConfig) => {\n logger.debug(\n \"createCivicAuthPlugin nextConfig\",\n JSON.stringify(nextConfig, null, 2),\n );\n const resolvedConfig = resolveAuthConfig(authConfig);\n return {\n ...nextConfig,\n env: {\n ...nextConfig?.env,\n // Internal environment variables - do not set these manually\n _civic_auth_client_id: resolvedConfig.clientId,\n _civic_oauth_server: resolvedConfig.oauthServer,\n _civic_auth_callback_url: resolvedConfig.callbackUrl,\n _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n _civic_auth_login_url: resolvedConfig.loginUrl,\n _civic_auth_logout_url: resolvedConfig.logoutUrl,\n _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,\n _civic_auth_includes: resolvedConfig.include.join(\",\"),\n _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n },\n };\n };\n};\n"]}
package/dist/esm/nextjs/cookies.d.ts CHANGED
@@ -1,7 +1,8 @@
1
1
  import type { SessionData, UnknownObject, User } from "../types.js";
2
2
  import type { AuthConfig } from "../nextjs/config.js";
3
- import type { CodeVerifier, OAuthTokens, TokensCookieConfig } from "../shared/lib/types.js";
4
- import { CookieStorage, type CookieStorageSettings } from "../shared/lib/storage.js";
3
+ import type { UserStorage } from "../shared/lib/types.js";
4
+ import { type CodeVerifier, type CookieConfig, type OAuthTokens } from "../shared/lib/types.js";
5
+ import { CookieStorage } from "../shared/lib/storage.js";
5
6
  /**
6
7
  * Creates HTTP-only cookies for authentication tokens
7
8
  */
@@ -11,20 +12,15 @@ declare const createTokenCookies: (response: Response, sessionData: SessionData,
11
12
  */
12
13
  declare const createUserInfoCookie: (response: Response, user: User<UnknownObject> | null, sessionData: SessionData, config: AuthConfig) => void;
13
14
  /**
14
- * Clears all authentication cookies
15
+ * Clears all authentication cookies on server. Note, this can only be called by the server
15
16
  */
16
- declare const clearAuthCookies: (config: AuthConfig) => Promise<void>;
17
- type KeySetter = OAuthTokens | CodeVerifier;
17
+ declare const clearAuthCookies: () => Promise<void>;
18
+ type KeySetter = OAuthTokens | CodeVerifier | UserStorage;
18
19
  declare class NextjsCookieStorage extends CookieStorage {
19
- readonly config: Partial<TokensCookieConfig>;
20
- constructor(config?: Partial<TokensCookieConfig>);
20
+ readonly config: Partial<Record<KeySetter, CookieConfig>>;
21
+ constructor(config?: Partial<Record<KeySetter, CookieConfig>>);
21
22
  get(key: string): Promise<string | null>;
22
23
  set(key: KeySetter, value: string): Promise<void>;
23
24
  }
24
- declare class NextjsClientStorage extends CookieStorage {
25
- constructor(config?: Partial<CookieStorageSettings>);
26
- get(key: string): Promise<string | null>;
27
- set(key: string, value: string): Promise<void>;
28
- }
29
- export { createTokenCookies, createUserInfoCookie, clearAuthCookies, NextjsCookieStorage, NextjsClientStorage, };
25
+ export { createTokenCookies, createUserInfoCookie, clearAuthCookies, NextjsCookieStorage, };
30
26
  //# sourceMappingURL=cookies.d.ts.map