@civic/auth 0.3.2-beta.0 → 0.3.2-beta.1

package/dist/src/nextjs/hooks/useUserCookie.js

@@ -0,0 +1,88 @@
+"use client";
+import { useCallback, useEffect, useRef, useState } from "react";
+import { useRouter } from "next/navigation.js";
+import { getWindowCookieValue } from "@/lib/cookies.js";
+import { OAuthTokens, UserStorage } from "@/shared/lib/types.js";
+import { usePrevious } from "./usePrevious.js";
+import { useTransition } from "react";
+import { objectsAreEqual } from "@/lib/obj.js";
+const getUserAndTokenFromCookie = () => getWindowCookieValue([
+    {
+        key: UserStorage.USER,
+        window: globalThis.window,
+        parseJson: true,
+    },
+    {
+        key: OAuthTokens.ID_TOKEN,
+        window: globalThis.window,
+        parseJson: false,
+    },
+]);
+export const useUserCookie = () => {
+    const [user, setUser] = useState(null);
+    const [idToken, setIdToken] = useState();
+    const [userChanged, setUserChanged] = useState(false);
+    const hasRunRef = useRef(false);
+    const [isPending, startTransition] = useTransition();
+    const router = useRouter();
+    const prevUser = usePrevious(user);
+    const prevPending = usePrevious(isPending);
+    const fetchUser = useCallback(async (abortController) => {
+        if (abortController?.signal.aborted)
+            return;
+        const response = getUserAndTokenFromCookie() || {};
+        const userData = response[UserStorage.USER];
+        const tokenData = response[OAuthTokens.ID_TOKEN];
+        if (abortController?.signal.aborted)
+            return;
+        setIdToken(tokenData);
+        setUser(userData || null);
+    }, []);
+    // call fetch immediately after a refresh
+    useEffect(() => {
+        setUserChanged(false);
+        if (prevPending && !isPending) {
+            fetchUser();
+        }
+    }, [prevPending, isPending, fetchUser]);
+    useEffect(() => {
+        if (!objectsAreEqual(prevUser, user)) {
+            setUserChanged(true);
+        }
+    }, [user, prevUser]);
+    useEffect(() => {
+        let abortController = new AbortController();
+        const cookieListener = () => {
+            abortController = new AbortController();
+            fetchUser(abortController);
+        };
+        document.addEventListener("visibilitychange", cookieListener);
+        window.addEventListener("storage", cookieListener);
+        window.addEventListener("focus", cookieListener);
+        fetchUser(abortController);
+        const intervalId = setInterval(cookieListener, 2000);
+        return () => {
+            abortController.abort();
+            document.removeEventListener("visibilitychange", cookieListener);
+            window.removeEventListener("storage", cookieListener);
+            window.removeEventListener("focus", cookieListener);
+            clearInterval(intervalId);
+        };
+    }, [fetchUser]);
+    useEffect(() => {
+        if (userChanged) {
+            if (!hasRunRef.current) {
+                hasRunRef.current = true;
+                startTransition(() => {
+                    router.refresh();
+                });
+            }
+        }
+        else {
+            hasRunRef.current = false;
+        }
+        // eslint-disable-next-line react-hooks/exhaustive-deps
+    }, [userChanged]);
+    return { user, idToken, fetchUser, isPending };
+};
+//# sourceMappingURL=useUserCookie.js.map

package/dist/src/nextjs/hooks/useUserCookie.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useUserCookie.js","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useUserCookie.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAM/C,MAAM,yBAAyB,GAAG,GAA2B,EAAE,CAC7D,oBAAoB,CAAC;IACnB;QACE,GAAG,EAAE,WAAW,CAAC,IAAI;QACrB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,SAAS,EAAE,IAAI;KAChB;IACD;QACE,GAAG,EAAE,WAAW,CAAC,QAAQ;QACzB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,SAAS,EAAE,KAAK;KACjB;CACF,CAA2B,CAAC;AAE/B,MAAM,CAAC,MAAM,aAAa,GAAG,GAA0B,EAAE;IACvD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAiB,IAAI,CAAC,CAAC;IACvD,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,EAAsB,CAAC;IAC7D,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAU,KAAK,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,CAAC,SAAS,EAAE,eAAe,CAAC,GAAG,aAAa,EAAE,CAAC;IAErD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAE3C,MAAM,SAAS,GAAG,WAAW,CAC3B,KAAK,EAAE,eAAiC,EAAiB,EAAE;QACzD,IAAI,eAAe,EAAE,MAAM,CAAC,OAAO;YAAE,OAAO;QAE5C,MAAM,QAAQ,GAAG,yBAAyB,EAAE,IAAI,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAY,CAAC;QACvD,MAAM,SAAS,GAAG,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAEjD,IAAI,eAAe,EAAE,MAAM,CAAC,OAAO;YAAE,OAAO;QAE5C,UAAU,CAAC,SAAS,CAAC,CAAC;QACtB,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC;IAC5B,CAAC,EACD,EAAE,CACH,CAAC;IAEF,yCAAyC;IACzC,SAAS,CAAC,GAAG,EAAE;QACb,cAAc,CAAC,KAAK,CAAC,CAAC;QACtB,IAAI,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC;YAC9B,SAAS,EAAE,CAAC;QACd,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;IAExC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;YACrC,cAAc,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IAErB,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC5C,MAAM,cAAc,GAAG,GAAG,EAAE;YAC1B,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;YACxC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC,CAAC;QAEF,QAAQ,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAC;QAC9D,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QACnD,MAAM,CAAC,gBAAgB,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAEjD,SAAS,CAAC,eAAe,CAAC,CAAC;QAE3B,MAAM,UAAU,GAAG,WAAW,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAErD,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,QAAQ,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAC;YACjE,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YACtD,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YACpD,aAAa,CAAC,UAAU,CAAC,CAAC;QAC5B,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IAEhB,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC;gBACzB,eAAe,CAAC,GAAG,EAAE;oBACnB,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,OAAO,GAAG,KAAK,CAAC;QAC5B,CAAC;QACD,uDAAuD;IACzD,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAElB,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACjD,CAAC,CAAC","sourcesContent":["\"use client\";\nimport { useCallback, useEffect, useRef, useState } from \"react\";\nimport { useRouter } from \"next/navigation.js\";\nimport { getWindowCookieValue } from \"@/lib/cookies.js\";\nimport type { EmptyObject, User } from \"@/types.js\";\nimport { OAuthTokens, UserStorage } from \"@/shared/lib/types.js\";\nimport { usePrevious } from \"./usePrevious.js\";\nimport { useTransition } from \"react\";\nimport { objectsAreEqual } from \"@/lib/obj.js\";\n\ntype UserAndTokenFromCookie = {\n  [UserStorage.USER]: User | undefined;\n  [OAuthTokens.ID_TOKEN]: string | undefined;\n};\nconst getUserAndTokenFromCookie = (): UserAndTokenFromCookie =>\n  getWindowCookieValue([\n    {\n      key: UserStorage.USER,\n      window: globalThis.window,\n      parseJson: true,\n    },\n    {\n      key: OAuthTokens.ID_TOKEN,\n      window: globalThis.window,\n      parseJson: false,\n    },\n  ]) as UserAndTokenFromCookie;\n\nexport const useUserCookie = <T extends EmptyObject>() => {\n  const [user, setUser] = useState<User<T> | null>(null);\n  const [idToken, setIdToken] = useState<string | undefined>();\n  const [userChanged, setUserChanged] = useState<boolean>(false);\n  const hasRunRef = useRef(false);\n  const [isPending, startTransition] = useTransition();\n\n  const router = useRouter();\n\n  const prevUser = usePrevious(user);\n  const prevPending = usePrevious(isPending);\n\n  const fetchUser = useCallback(\n    async (abortController?: AbortController): Promise<void> => {\n      if (abortController?.signal.aborted) return;\n\n      const response = getUserAndTokenFromCookie() || {};\n      const userData = response[UserStorage.USER] as User<T>;\n      const tokenData = response[OAuthTokens.ID_TOKEN];\n\n      if (abortController?.signal.aborted) return;\n\n      setIdToken(tokenData);\n      setUser(userData || null);\n    },\n    [],\n  );\n\n  // call fetch immediately after a refresh\n  useEffect(() => {\n    setUserChanged(false);\n    if (prevPending && !isPending) {\n      fetchUser();\n    }\n  }, [prevPending, isPending, fetchUser]);\n\n  useEffect(() => {\n    if (!objectsAreEqual(prevUser, user)) {\n      setUserChanged(true);\n    }\n  }, [user, prevUser]);\n\n  useEffect(() => {\n    let abortController = new AbortController();\n    const cookieListener = () => {\n      abortController = new AbortController();\n      fetchUser(abortController);\n    };\n\n    document.addEventListener(\"visibilitychange\", cookieListener);\n    window.addEventListener(\"storage\", cookieListener);\n    window.addEventListener(\"focus\", cookieListener);\n\n    fetchUser(abortController);\n\n    const intervalId = setInterval(cookieListener, 2000);\n\n    return () => {\n      abortController.abort();\n      document.removeEventListener(\"visibilitychange\", cookieListener);\n      window.removeEventListener(\"storage\", cookieListener);\n      window.removeEventListener(\"focus\", cookieListener);\n      clearInterval(intervalId);\n    };\n  }, [fetchUser]);\n\n  useEffect(() => {\n    if (userChanged) {\n      if (!hasRunRef.current) {\n        hasRunRef.current = true;\n        startTransition(() => {\n          router.refresh();\n        });\n      }\n    } else {\n      hasRunRef.current = false;\n    }\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [userChanged]);\n\n  return { user, idToken, fetchUser, isPending };\n};\n"]}

package/dist/src/nextjs/index.d.ts

@@ -0,0 +1,7 @@
+export { createCivicAuthPlugin } from "@/nextjs/config.js";
+export { getUser } from "@/nextjs/GetUser.js";
+export { handler } from "@/nextjs/routeHandler.js";
+export { createTokenCookies, createUserInfoCookie, clearAuthCookies, NextjsCookieStorage, NextjsClientStorage, } from "@/nextjs/cookies.js";
+export type { AuthConfig, CookiesConfigObject, AuthConfigWithDefaults, DefinedAuthConfig, } from "@/nextjs/config.js";
+export { CivicNextAuthProvider as CivicAuthProvider, type NextCivicAuthProviderProps as AuthProviderProps, } from "@/nextjs/providers/NextAuthProvider.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/nextjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/nextjs/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,UAAU,EACV,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,IAAI,iBAAiB,EAC1C,KAAK,0BAA0B,IAAI,iBAAiB,GACrD,MAAM,wCAAwC,CAAC"}

package/dist/src/nextjs/index.js

@@ -0,0 +1,8 @@
+import { printVersion } from "@/shared/index.js";
+printVersion();
+export { createCivicAuthPlugin } from "@/nextjs/config.js";
+export { getUser } from "@/nextjs/GetUser.js";
+export { handler } from "@/nextjs/routeHandler.js";
+export { createTokenCookies, createUserInfoCookie, clearAuthCookies, NextjsCookieStorage, NextjsClientStorage, } from "@/nextjs/cookies.js";
+export { CivicNextAuthProvider as CivicAuthProvider, } from "@/nextjs/providers/NextAuthProvider.js";
+//# sourceMappingURL=index.js.map

package/dist/src/nextjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/nextjs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,YAAY,EAAE,CAAC;AACf,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAO7B,OAAO,EACL,qBAAqB,IAAI,iBAAiB,GAE3C,MAAM,wCAAwC,CAAC","sourcesContent":["import { printVersion } from \"@/shared/index.js\";\nprintVersion();\nexport { createCivicAuthPlugin } from \"@/nextjs/config.js\";\nexport { getUser } from \"@/nextjs/GetUser.js\";\nexport { handler } from \"@/nextjs/routeHandler.js\";\nexport {\n  createTokenCookies,\n  createUserInfoCookie,\n  clearAuthCookies,\n  NextjsCookieStorage,\n  NextjsClientStorage,\n} from \"@/nextjs/cookies.js\";\nexport type {\n  AuthConfig,\n  CookiesConfigObject,\n  AuthConfigWithDefaults,\n  DefinedAuthConfig,\n} from \"@/nextjs/config.js\";\nexport {\n  CivicNextAuthProvider as CivicAuthProvider,\n  type NextCivicAuthProviderProps as AuthProviderProps,\n} from \"@/nextjs/providers/NextAuthProvider.js\";\n"]}

package/dist/src/nextjs/middleware/index.d.ts

@@ -0,0 +1,2 @@
+export { authMiddleware, auth, withAuth } from "@/nextjs/middleware.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/nextjs/middleware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/middleware/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/src/nextjs/middleware/index.js

@@ -0,0 +1,4 @@
+import { printVersion } from "@/shared/index.js";
+printVersion();
+export { authMiddleware, auth, withAuth } from "@/nextjs/middleware.js";
+//# sourceMappingURL=index.js.map

package/dist/src/nextjs/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/nextjs/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,YAAY,EAAE,CAAC;AACf,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC","sourcesContent":["import { printVersion } from \"@/shared/index.js\";\nprintVersion();\nexport { authMiddleware, auth, withAuth } from \"@/nextjs/middleware.js\";\n"]}

package/dist/src/nextjs/middleware.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Authenticates the user on all requests by checking the token cookie
+ *
+ * Usage:
+ * Option 1: use if no other middleware (e.g. no next-intl etc)
+ * export default authMiddleware();
+ *
+ * Option 2: use if other middleware is needed - default auth config
+ * export default withAuth((request) => {
+ *    console.log('in custom middleware', request.nextUrl.pathname);
+ *    return NextResponse.next();
+ * })
+ *
+ * Option 3: use if other middleware is needed - specifying auth config
+ * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })
+ * export default withCivicAuth((request) => {
+ *   console.log('in custom middleware', request.url);
+ *   return NextResponse.next();
+ * })
+ *
+ */
+import type { NextRequest } from "next/server.js";
+import { NextResponse } from "next/server.js";
+import type { AuthConfig } from "@/nextjs/config.js";
+type Middleware = (request: NextRequest) => Promise<NextResponse> | NextResponse;
+/**
+ *
+ * Use this when auth is the only middleware you need.
+ * Usage:
+ *
+ * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();
+ *
+ */
+export declare const authMiddleware: (authConfig?: Partial<AuthConfig>) => (request: NextRequest) => Promise<NextResponse>;
+/**
+ * Usage:
+ *
+ * export default withAuth(async (request) => {
+ *    console.log('my middleware');
+ *    return NextResponse.next();
+ *  })
+ */
+export declare function withAuth(middleware: Middleware): (request: NextRequest) => Promise<NextResponse>;
+/**
+ * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)
+ *
+ * Usage:
+ *
+ * const withAuth = auth({ loginUrl = '/login' }); // or just auth();
+ *
+ * export default withAuth(async (request) => {
+ *    console.log('my middleware');
+ *    return NextResponse.next();
+ *  })
+ *
+ */
+export declare function auth(authConfig?: AuthConfig): (middleware: Middleware) => ((request: NextRequest) => Promise<NextResponse>);
+export {};
+//# sourceMappingURL=middleware.d.ts.map

package/dist/src/nextjs/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAGrD,KAAK,UAAU,GAAG,CAChB,OAAO,EAAE,WAAW,KACjB,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAmE1C;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,gBACZ,OAAO,CAAC,UAAU,CAAC,eAChB,WAAW,KAAG,OAAO,CAAC,YAAY,CAOjD,CAAC;AAEJ;;;;;;;GAOG;AAEH,wBAAgB,QAAQ,CACtB,UAAU,EAAE,UAAU,GACrB,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAEjD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,IAAI,CAAC,UAAU,GAAE,UAAe,gBAEhC,UAAU,KACrB,CAAC,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC,CAQrD"}

package/dist/src/nextjs/middleware.js

@@ -0,0 +1,107 @@
+import { NextResponse } from "next/server.js";
+import picomatch from "picomatch";
+import { resolveAuthConfig } from "@/nextjs/config.js";
+// Matches globs:
+// Examples:
+// /user
+// /user/*
+// /user/**/info
+const matchGlob = (pathname, globPattern) => {
+    const matches = picomatch(globPattern);
+    return matches(pathname);
+};
+// Matches globs:
+// Examples:
+// /user
+// /user/*
+// /user/**/info
+const matchesGlobs = (pathname, patterns) => patterns.some((pattern) => {
+    if (!pattern)
+        return false;
+    console.log("matching", {
+        pattern,
+        pathname,
+        match: matchGlob(pathname, pattern),
+    });
+    return matchGlob(pathname, pattern);
+});
+// internal - used by all exported functions
+const applyAuth = async (authConfig, request) => {
+    const authConfigWithDefaults = resolveAuthConfig(authConfig);
+    // Check for any valid auth token
+    const isAuthenticated = !!request.cookies.get("id_token");
+    // skip auth check for redirect to login url
+    if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&
+        request.method === "GET") {
+        console.log("→ Skipping auth check - this is the login URL");
+        return undefined;
+    }
+    if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {
+        console.log("→ Skipping auth check - path not in include patterns");
+        return undefined;
+    }
+    if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {
+        console.log("→ Skipping auth check - path in exclude patterns");
+        return undefined;
+    }
+    // Check for either token type
+    if (!isAuthenticated) {
+        const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);
+        console.log("→ No valid token found - redirecting to login", loginUrl);
+        return NextResponse.redirect(loginUrl);
+    }
+    console.log("→ Auth check passed");
+    return undefined;
+};
+/**
+ *
+ * Use this when auth is the only middleware you need.
+ * Usage:
+ *
+ * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();
+ *
+ */
+export const authMiddleware = (authConfig = {}) => async (request) => {
+    const response = await applyAuth(authConfig, request);
+    if (response)
+        return response;
+    // NextJS doesn't do middleware chaining yet, so this does not mean
+    // "call the next middleware" - it means "continue to the route handler"
+    return NextResponse.next();
+};
+/**
+ * Usage:
+ *
+ * export default withAuth(async (request) => {
+ *    console.log('my middleware');
+ *    return NextResponse.next();
+ *  })
+ */
+// use this when you have your own middleware to chain
+export function withAuth(middleware) {
+    return auth()(middleware);
+}
+/**
+ * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)
+ *
+ * Usage:
+ *
+ * const withAuth = auth({ loginUrl = '/login' }); // or just auth();
+ *
+ * export default withAuth(async (request) => {
+ *    console.log('my middleware');
+ *    return NextResponse.next();
+ *  })
+ *
+ */
+export function auth(authConfig = {}) {
+    return (middleware) => {
+        return async (request) => {
+            const response = await applyAuth(authConfig, request);
+            if (response)
+                return response;
+            return middleware(request);
+        };
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/src/nextjs/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAMvD,iBAAiB;AACjB,YAAY;AACZ,QAAQ;AACR,UAAU;AACV,gBAAgB;AAChB,MAAM,SAAS,GAAG,CAAC,QAAgB,EAAE,WAAmB,EAAE,EAAE;IAC1D,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IACvC,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC,CAAC;AAEF,iBAAiB;AACjB,YAAY;AACZ,QAAQ;AACR,UAAU;AACV,gBAAgB;AAChB,MAAM,YAAY,GAAG,CAAC,QAAgB,EAAE,QAAkB,EAAE,EAAE,CAC5D,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;QACtB,OAAO;QACP,QAAQ;QACR,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC;KACpC,CAAC,CAAC;IACH,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AACtC,CAAC,CAAC,CAAC;AAEL,4CAA4C;AAC5C,MAAM,SAAS,GAAG,KAAK,EACrB,UAAsB,EACtB,OAAoB,EACe,EAAE;IACrC,MAAM,sBAAsB,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC7D,iCAAiC;IACjC,MAAM,eAAe,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE1D,4CAA4C;IAC5C,IACE,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,sBAAsB,CAAC,QAAQ;QAC5D,OAAO,CAAC,MAAM,KAAK,KAAK,EACxB,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACpE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,QAAQ,CAAC,CAAC;QACvE,OAAO,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GACzB,CAAC,aAAkC,EAAE,EAAE,EAAE,CACzC,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACtD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,mEAAmE;IACnE,wEAAwE;IACxE,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;AAC7B,CAAC,CAAC;AAEJ;;;;;;;GAOG;AACH,sDAAsD;AACtD,MAAM,UAAU,QAAQ,CACtB,UAAsB;IAEtB,OAAO,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,IAAI,CAAC,aAAyB,EAAE;IAC9C,OAAO,CACL,UAAsB,EAC6B,EAAE;QACrD,OAAO,KAAK,EAAE,OAAoB,EAAyB,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACtD,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YAE9B,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n *    console.log('in custom middleware', request.nextUrl.pathname);\n *    return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n *   console.log('in custom middleware', request.url);\n *   return NextResponse.next();\n * })\n *\n */\nimport type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport type { AuthConfig } from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\n\ntype Middleware = (\n  request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n  const matches = picomatch(globPattern);\n  return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n  patterns.some((pattern) => {\n    if (!pattern) return false;\n    console.log(\"matching\", {\n      pattern,\n      pathname,\n      match: matchGlob(pathname, pattern),\n    });\n    return matchGlob(pathname, pattern);\n  });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n  authConfig: AuthConfig,\n  request: NextRequest,\n): Promise<NextResponse | undefined> => {\n  const authConfigWithDefaults = resolveAuthConfig(authConfig);\n  // Check for any valid auth token\n  const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n  // skip auth check for redirect to login url\n  if (\n    request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&\n    request.method === \"GET\"\n  ) {\n    console.log(\"→ Skipping auth check - this is the login URL\");\n    return undefined;\n  }\n\n  if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n    console.log(\"→ Skipping auth check - path not in include patterns\");\n    return undefined;\n  }\n\n  if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n    console.log(\"→ Skipping auth check - path in exclude patterns\");\n    return undefined;\n  }\n\n  // Check for either token type\n  if (!isAuthenticated) {\n    const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n    console.log(\"→ No valid token found - redirecting to login\", loginUrl);\n    return NextResponse.redirect(loginUrl);\n  }\n\n  console.log(\"→ Auth check passed\");\n  return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n  (authConfig: Partial<AuthConfig> = {}) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const response = await applyAuth(authConfig, request);\n    if (response) return response;\n\n    // NextJS doesn't do middleware chaining yet, so this does not mean\n    // \"call the next middleware\" - it means \"continue to the route handler\"\n    return NextResponse.next();\n  };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n  middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n  return auth()(middleware);\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n  return (\n    middleware: Middleware,\n  ): ((request: NextRequest) => Promise<NextResponse>) => {\n    return async (request: NextRequest): Promise<NextResponse> => {\n      const response = await applyAuth(authConfig, request);\n      if (response) return response;\n\n      return middleware(request);\n    };\n  };\n}\n"]}

package/dist/src/nextjs/providers/NextAuthProvider.d.ts

@@ -0,0 +1,13 @@
+/**
+ * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.
+ */
+import React from "react";
+import { type AuthConfigWithDefaults } from "@/nextjs/config.js";
+import type { AuthProviderProps } from "@/shared/providers/types.js";
+type NextCivicAuthProviderInternalProps = Omit<AuthProviderProps, "clientId"> & {
+    resolvedConfig: AuthConfigWithDefaults;
+};
+type NextCivicAuthProviderProps = Omit<NextCivicAuthProviderInternalProps, "clientId" | "resolvedConfig" | "redirectUrl">;
+declare const CivicNextAuthProvider: ({ children, ...props }: NextCivicAuthProviderProps) => React.JSX.Element;
+export { CivicNextAuthProvider, type NextCivicAuthProviderProps };
+//# sourceMappingURL=NextAuthProvider.d.ts.map

package/dist/src/nextjs/providers/NextAuthProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AACA;;GAEG;AACH,OAAO,KAA2C,MAAM,OAAO,CAAC;AAChE,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,oBAAoB,CAAC;AAiB5B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAWrE,KAAK,kCAAkC,GAAG,IAAI,CAC5C,iBAAiB,EACjB,UAAU,CACX,GAAG;IACF,cAAc,EAAE,sBAAsB,CAAC;CACxC,CAAC;AACF,KAAK,0BAA0B,GAAG,IAAI,CACpC,kCAAkC,EAClC,UAAU,GAAG,gBAAgB,GAAG,aAAa,CAC9C,CAAC;AA2GF,QAAA,MAAM,qBAAqB,2BAGxB,0BAA0B,sBAwC5B,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAE,KAAK,0BAA0B,EAAE,CAAC"}

package/dist/src/nextjs/providers/NextAuthProvider.js

@@ -0,0 +1,94 @@
+"use client";
+/**
+ * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.
+ */
+import React, { useCallback, useEffect, useState } from "react";
+import { resolveAuthConfig, } from "@/nextjs/config.js";
+import { resolveCallbackUrl } from "@/nextjs/utils.js";
+import { ConfidentialClientPKCEConsumer } from "@/services/PKCE.js";
+import { NextjsClientStorage } from "@/nextjs/cookies.js";
+import { UserProvider } from "@/shared/providers/UserProvider.js";
+import { useUserCookie } from "@/nextjs/hooks/useUserCookie.js";
+import { CivicAuthConfigProvider } from "@/shared/providers/CivicAuthConfigContext.js";
+import { SessionProvider } from "@/shared/providers/SessionProvider.js";
+import { IframeProvider } from "@/shared/providers/IframeProvider.js";
+import { TokenProvider } from "@/shared/providers/TokenProvider.js";
+import { useSignIn } from "@/shared/hooks/useSignIn.js";
+import { useCivicAuthConfig } from "@/shared/hooks/useCivicAuthConfig.js";
+import { IFrameAndLoading } from "@/shared/components/IFrameAndLoading.js";
+import { BlockDisplay } from "@/shared/components/BlockDisplay.js";
+import { LoadingIcon } from "@/shared/components/LoadingIcon.js";
+import { useIframe } from "@/shared/hooks/useIframe.js";
+import { useSession } from "@/reactjs/index.js";
+import { useIsInIframe } from "@/shared/hooks/useIsInIframe.js";
+const CivicNextAuthTokenProviderInternal = ({ children, isLoading, displayMode = "iframe", user, fetchUser, ...props }) => {
+    const { iframeMode, resolvedConfig } = props;
+    const { iframeRef, setLogoutIframeIsVisible } = useIframe();
+    const civicAuthConfig = useCivicAuthConfig();
+    const { challengeUrl } = resolvedConfig;
+    const pkceConsumer = new ConfidentialClientPKCEConsumer(challengeUrl);
+    const [isSigningOut, setIsSigningOut] = useState(false);
+    const { data: session } = useSession();
+    const postSignOut = useCallback(async () => {
+        setIsSigningOut(true);
+        // user is signed out, manually update the user from cookies to not wait for polling
+        await fetchUser();
+        await props?.onSignOut?.();
+    }, [fetchUser, props]);
+    useEffect(() => {
+        if (!session?.authenticated) {
+            setIsSigningOut(false);
+        }
+    }, [session?.authenticated]);
+    useEffect(() => {
+        setLogoutIframeIsVisible(isSigningOut);
+    }, [isSigningOut, setLogoutIframeIsVisible]);
+    const { signIn, signOut } = useSignIn({
+        postSignOut,
+        pkceConsumer,
+        displayMode,
+    });
+    useEffect(() => {
+        if (iframeMode === "embedded" &&
+            civicAuthConfig &&
+            !session?.authenticated &&
+            iframeRef?.current) {
+            signIn();
+        }
+    }, [iframeMode, civicAuthConfig, session?.authenticated, iframeRef, signIn]);
+    return (React.createElement(TokenProvider, null,
+        React.createElement(UserProvider, { storage: new NextjsClientStorage(), user: user, signOut: signOut, signIn: signIn, displayMode: displayMode },
+            React.createElement(IFrameAndLoading, { error: null, isLoading: isLoading, showIframeOnLogout: true }),
+            isLoading && (React.createElement(BlockDisplay, null,
+                React.createElement(LoadingIcon, null))),
+            children)));
+};
+const CivicNextAuthProviderInternal = ({ children, ...props }) => {
+    const isInIframe = useIsInIframe();
+    // if the SDK loads in an iframe, we show the loading spinner as the iframe
+    // will be waiting to be minimized
+    const isLoading = isInIframe;
+    const { user, idToken, fetchUser, isPending } = useUserCookie();
+    const session = {
+        authenticated: !!user,
+        idToken,
+    };
+    return (React.createElement(SessionProvider, { data: session, isLoading: isLoading },
+        React.createElement(CivicNextAuthTokenProviderInternal, { ...props, user: user, idToken: idToken, fetchUser: fetchUser, isLoading: isLoading || isPending }, children)));
+};
+const CivicNextAuthProvider = ({ children, ...props }) => {
+    const resolvedConfig = resolveAuthConfig();
+    const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl, logoutCallbackUrl, } = resolvedConfig;
+    const [redirectUrl, setRedirectUrl] = useState("");
+    useEffect(() => {
+        if (typeof globalThis.window !== "undefined") {
+            const appUrl = globalThis.window.location.origin;
+            setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));
+        }
+    }, [callbackUrl, resolvedConfig]);
+    return (React.createElement(CivicAuthConfigProvider, { oauthServer: oauthServer, clientId: clientId, redirectUrl: redirectUrl, logoutRedirectUrl: logoutCallbackUrl, nonce: props?.nonce, challengeUrl: challengeUrl, logoutUrl: logoutUrl, logoutCallbackUrl: logoutCallbackUrl },
+        React.createElement(IframeProvider, { iframeMode: props.iframeMode },
+            React.createElement(CivicNextAuthProviderInternal, { ...props, resolvedConfig: resolvedConfig }, children))));
+};
+export { CivicNextAuthProvider };
+//# sourceMappingURL=NextAuthProvider.js.map

package/dist/src/nextjs/providers/NextAuthProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NextAuthProvider.js","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb;;GAEG;AACH,OAAO,KAAK,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAChE,OAAO,EACL,iBAAiB,GAElB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8CAA8C,CAAC;AACvF,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAqBhE,MAAM,kCAAkC,GAAG,CAAC,EAC1C,QAAQ,EACR,SAAS,EACT,WAAW,GAAG,QAAQ,EACtB,IAAI,EACJ,SAAS,EACT,GAAG,KAAK,EACgC,EAAE,EAAE;IAC5C,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IAC7C,MAAM,EAAE,SAAS,EAAE,wBAAwB,EAAE,GAAG,SAAS,EAAE,CAAC;IAC5D,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;IAC7C,MAAM,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IACxC,MAAM,YAAY,GAAG,IAAI,8BAA8B,CAAC,YAAY,CAAC,CAAC;IACtE,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACxD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IAEvC,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACzC,eAAe,CAAC,IAAI,CAAC,CAAC;QACtB,oFAAoF;QACpF,MAAM,SAAS,EAAE,CAAC;QAClB,MAAM,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC;IAC7B,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;IAEvB,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,OAAO,EAAE,aAAa,EAAE,CAAC;YAC5B,eAAe,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC,EAAE,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;IAE7B,SAAS,CAAC,GAAG,EAAE;QACb,wBAAwB,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC,EAAE,CAAC,YAAY,EAAE,wBAAwB,CAAC,CAAC,CAAC;IAE7C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC;QACpC,WAAW;QACX,YAAY;QACZ,WAAW;KACZ,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,IACE,UAAU,KAAK,UAAU;YACzB,eAAe;YACf,CAAC,OAAO,EAAE,aAAa;YACvB,SAAS,EAAE,OAAO,EAClB,CAAC;YACD,MAAM,EAAE,CAAC;QACX,CAAC;IACH,CAAC,EAAE,CAAC,UAAU,EAAE,eAAe,EAAE,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;IAE7E,OAAO,CACL,oBAAC,aAAa;QACZ,oBAAC,YAAY,IACX,OAAO,EAAE,IAAI,mBAAmB,EAAE,EAClC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW;YAExB,oBAAC,gBAAgB,IACf,KAAK,EAAE,IAAI,EACX,SAAS,EAAE,SAAS,EACpB,kBAAkB,EAAE,IAAI,GACxB;YACD,SAAS,IAAI,CACZ,oBAAC,YAAY;gBACX,oBAAC,WAAW,OAAG,CACF,CAChB;YACA,QAAQ,CACI,CACD,CACjB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,6BAA6B,GAAG,CAAC,EACrC,QAAQ,EACR,GAAG,KAAK,EAC2B,EAAE,EAAE;IACvC,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,2EAA2E;IAC3E,kCAAkC;IAClC,MAAM,SAAS,GAAG,UAAU,CAAC;IAC7B,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,aAAa,EAAE,CAAC;IAEhE,MAAM,OAAO,GAAG;QACd,aAAa,EAAE,CAAC,CAAC,IAAI;QACrB,OAAO;KACR,CAAC;IAEF,OAAO,CACL,oBAAC,eAAe,IAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;QAClD,oBAAC,kCAAkC,OAC7B,KAAK,EACT,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,SAAS,IAAI,SAAS,IAEhC,QAAQ,CAC0B,CACrB,CACnB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,EAC7B,QAAQ,EACR,GAAG,KAAK,EACmB,EAAE,EAAE;IAC/B,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;IAC3C,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,iBAAiB,GAClB,GAAG,cAAc,CAAC;IACnB,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAS,EAAE,CAAC,CAAC;IAE3D,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YACjD,cAAc,CAAC,kBAAkB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;IAElC,OAAO,CACL,oBAAC,uBAAuB,IACtB,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,EACxB,iBAAiB,EAAE,iBAAiB,EACpC,KAAK,EAAE,KAAK,EAAE,KAAK,EACnB,YAAY,EAAE,YAAY,EAC1B,SAAS,EAAE,SAAS,EACpB,iBAAiB,EAAE,iBAAiB;QAEpC,oBAAC,cAAc,IAAC,UAAU,EAAE,KAAK,CAAC,UAAU;YAC1C,oBAAC,6BAA6B,OACxB,KAAK,EACT,cAAc,EAAE,cAAc,IAE7B,QAAQ,CACqB,CACjB,CACO,CAC3B,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAmC,CAAC","sourcesContent":["\"use client\";\n/**\n * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport React, { useCallback, useEffect, useState } from \"react\";\nimport {\n  resolveAuthConfig,\n  type AuthConfigWithDefaults,\n} from \"@/nextjs/config.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies.js\";\nimport { UserProvider } from \"@/shared/providers/UserProvider.js\";\nimport { useUserCookie } from \"@/nextjs/hooks/useUserCookie.js\";\nimport { CivicAuthConfigProvider } from \"@/shared/providers/CivicAuthConfigContext.js\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider.js\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider.js\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider.js\";\nimport { useSignIn } from \"@/shared/hooks/useSignIn.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport { IFrameAndLoading } from \"@/shared/components/IFrameAndLoading.js\";\nimport { BlockDisplay } from \"@/shared/components/BlockDisplay.js\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\nimport { useSession } from \"@/reactjs/index.js\";\nimport type { AuthProviderProps } from \"@/shared/providers/types.js\";\nimport { useIsInIframe } from \"@/shared/hooks/useIsInIframe.js\";\nimport type { User } from \"@/types.js\";\n\ntype CivicNextAuthTokenProviderInternalProps =\n  NextCivicAuthProviderInternalProps & {\n    isLoading: boolean;\n    idToken?: string;\n    user: User | null;\n    fetchUser: () => Promise<void>;\n  };\ntype NextCivicAuthProviderInternalProps = Omit<\n  AuthProviderProps,\n  \"clientId\"\n> & {\n  resolvedConfig: AuthConfigWithDefaults;\n};\ntype NextCivicAuthProviderProps = Omit<\n  NextCivicAuthProviderInternalProps,\n  \"clientId\" | \"resolvedConfig\" | \"redirectUrl\"\n>;\n\nconst CivicNextAuthTokenProviderInternal = ({\n  children,\n  isLoading,\n  displayMode = \"iframe\",\n  user,\n  fetchUser,\n  ...props\n}: CivicNextAuthTokenProviderInternalProps) => {\n  const { iframeMode, resolvedConfig } = props;\n  const { iframeRef, setLogoutIframeIsVisible } = useIframe();\n  const civicAuthConfig = useCivicAuthConfig();\n  const { challengeUrl } = resolvedConfig;\n  const pkceConsumer = new ConfidentialClientPKCEConsumer(challengeUrl);\n  const [isSigningOut, setIsSigningOut] = useState(false);\n  const { data: session } = useSession();\n\n  const postSignOut = useCallback(async () => {\n    setIsSigningOut(true);\n    // user is signed out, manually update the user from cookies to not wait for polling\n    await fetchUser();\n    await props?.onSignOut?.();\n  }, [fetchUser, props]);\n\n  useEffect(() => {\n    if (!session?.authenticated) {\n      setIsSigningOut(false);\n    }\n  }, [session?.authenticated]);\n\n  useEffect(() => {\n    setLogoutIframeIsVisible(isSigningOut);\n  }, [isSigningOut, setLogoutIframeIsVisible]);\n\n  const { signIn, signOut } = useSignIn({\n    postSignOut,\n    pkceConsumer,\n    displayMode,\n  });\n\n  useEffect(() => {\n    if (\n      iframeMode === \"embedded\" &&\n      civicAuthConfig &&\n      !session?.authenticated &&\n      iframeRef?.current\n    ) {\n      signIn();\n    }\n  }, [iframeMode, civicAuthConfig, session?.authenticated, iframeRef, signIn]);\n\n  return (\n    <TokenProvider>\n      <UserProvider\n        storage={new NextjsClientStorage()}\n        user={user}\n        signOut={signOut}\n        signIn={signIn}\n        displayMode={displayMode}\n      >\n        <IFrameAndLoading\n          error={null}\n          isLoading={isLoading}\n          showIframeOnLogout={true}\n        />\n        {isLoading && (\n          <BlockDisplay>\n            <LoadingIcon />\n          </BlockDisplay>\n        )}\n        {children}\n      </UserProvider>\n    </TokenProvider>\n  );\n};\n\nconst CivicNextAuthProviderInternal = ({\n  children,\n  ...props\n}: NextCivicAuthProviderInternalProps) => {\n  const isInIframe = useIsInIframe();\n  // if the SDK loads in an iframe, we show the loading spinner as the iframe\n  // will be waiting to be minimized\n  const isLoading = isInIframe;\n  const { user, idToken, fetchUser, isPending } = useUserCookie();\n\n  const session = {\n    authenticated: !!user,\n    idToken,\n  };\n\n  return (\n    <SessionProvider data={session} isLoading={isLoading}>\n      <CivicNextAuthTokenProviderInternal\n        {...props}\n        user={user}\n        idToken={idToken}\n        fetchUser={fetchUser}\n        isLoading={isLoading || isPending}\n      >\n        {children}\n      </CivicNextAuthTokenProviderInternal>\n    </SessionProvider>\n  );\n};\n\nconst CivicNextAuthProvider = ({\n  children,\n  ...props\n}: NextCivicAuthProviderProps) => {\n  const resolvedConfig = resolveAuthConfig();\n  const {\n    clientId,\n    oauthServer,\n    callbackUrl,\n    challengeUrl,\n    logoutUrl,\n    logoutCallbackUrl,\n  } = resolvedConfig;\n  const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n\n  useEffect(() => {\n    if (typeof globalThis.window !== \"undefined\") {\n      const appUrl = globalThis.window.location.origin;\n      setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));\n    }\n  }, [callbackUrl, resolvedConfig]);\n\n  return (\n    <CivicAuthConfigProvider\n      oauthServer={oauthServer}\n      clientId={clientId}\n      redirectUrl={redirectUrl}\n      logoutRedirectUrl={logoutCallbackUrl}\n      nonce={props?.nonce}\n      challengeUrl={challengeUrl}\n      logoutUrl={logoutUrl}\n      logoutCallbackUrl={logoutCallbackUrl}\n    >\n      <IframeProvider iframeMode={props.iframeMode}>\n        <CivicNextAuthProviderInternal\n          {...props}\n          resolvedConfig={resolvedConfig}\n        >\n          {children}\n        </CivicNextAuthProviderInternal>\n      </IframeProvider>\n    </CivicAuthConfigProvider>\n  );\n};\n\nexport { CivicNextAuthProvider, type NextCivicAuthProviderProps };\n"]}

package/dist/src/nextjs/routeHandler.d.ts

@@ -0,0 +1,19 @@
+import type { NextRequest } from "next/server.js";
+import { NextResponse } from "next/server.js";
+import type { AuthConfig } from "@/nextjs/config.js";
+export declare function handleLogout(request: NextRequest, config: AuthConfig): Promise<string>;
+export declare function handleLogoutCallback(request: NextRequest, config: AuthConfig): Promise<NextResponse>;
+/**
+ * Creates an authentication handler for Next.js API routes
+ *
+ * Usage:
+ * ```ts
+ * // app/api/auth/[...civicauth]/route.ts
+ * import { handler } from '@civic/auth/nextjs'
+ * export const GET = handler({
+ *   // optional config overrides
+ * })
+ * ```
+ */
+export declare const handler: (authConfig?: {}) => (request: NextRequest) => Promise<NextResponse>;
+//# sourceMappingURL=routeHandler.d.ts.map

package/dist/src/nextjs/routeHandler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAmRrD,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,MAAM,CAAC,CA0BjB;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CA+DvB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,OAAO,iCAEF,WAAW,KAAG,OAAO,CAAC,YAAY,CA0CjD,CAAC"}