@civic/auth 0.4.3-alpha.0 → 0.4.3

package/dist/esm/nextjs/middleware.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG7D,KAAK,UAAU,GAAG,CAChB,OAAO,EAAE,WAAW,KACjB,OAAO,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC;AAkE1C;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,gBACZ,kBAAkB,eACf,WAAW,KAAG,OAAO,CAAC,YAAY,CAOjD,CAAC;AAEJ;;;;;;;GAOG;AAEH,wBAAgB,QAAQ,CACtB,UAAU,EAAE,UAAU,GACrB,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAEjD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,IAAI,CAAC,UAAU,GAAE,kBAAuB,gBAExC,UAAU,KACrB,CAAC,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAAC,CAQrD"}

package/dist/esm/nextjs/middleware.js

@@ -1,101 +0,0 @@
-import { NextResponse } from "next/server.js";
-import picomatch from "picomatch";
-import { resolveAuthConfig } from "../nextjs/config.js";
-// Matches globs:
-// Examples:
-// /user
-// /user/*
-// /user/**/info
-const matchGlob = (pathname, globPattern) => {
-    const matches = picomatch(globPattern);
-    return matches(pathname);
-};
-// Matches globs:
-// Examples:
-// /user
-// /user/*
-// /user/**/info
-const matchesGlobs = (pathname, patterns) => patterns.some((pattern) => {
-    if (!pattern)
-        return false;
-    return matchGlob(pathname, pattern);
-});
-// internal - used by all exported functions
-const applyAuth = async (authConfig, request) => {
-    const authConfigWithDefaults = resolveAuthConfig(authConfig);
-    // Check for any valid auth token
-    const isAuthenticated = !!request.cookies.get("id_token");
-    // skip auth check for redirect to login url
-    if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&
-        request.method === "GET") {
-        console.log("→ Skipping auth check - this is the login URL");
-        return undefined;
-    }
-    if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {
-        console.log("→ Skipping auth check - path not in include patterns");
-        return undefined;
-    }
-    if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {
-        console.log("→ Skipping auth check - path in exclude patterns");
-        return undefined;
-    }
-    // Check for either token type
-    if (!isAuthenticated) {
-        const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.nextUrl.origin);
-        const redirectUrl = `${loginUrl.toString()}`;
-        console.log(`→ No valid token found - redirecting to "${redirectUrl}"`);
-        return NextResponse.redirect(redirectUrl);
-    }
-    console.log("→ Auth check passed");
-    return undefined;
-};
-/**
- *
- * Use this when auth is the only middleware you need.
- * Usage:
- *
- * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();
- *
- */
-export const authMiddleware = (authConfig = {}) => async (request) => {
-    const response = await applyAuth(authConfig, request);
-    if (response)
-        return response;
-    // NextJS doesn't do middleware chaining yet, so this does not mean
-    // "call the next middleware" - it means "continue to the route handler"
-    return NextResponse.next();
-};
-/**
- * Usage:
- *
- * export default withAuth(async (request) => {
- *    console.log('my middleware');
- *    return NextResponse.next();
- *  })
- */
-// use this when you have your own middleware to chain
-export function withAuth(middleware) {
-    return auth()(middleware);
-}
-/**
- * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)
- *
- * Usage:
- *
- * export default auth(authConfig: AuthConfig ) => {
- *    console.log('my middleware');
- *    return NextResponse.next();
- *  })
- *
- */
-export function auth(authConfig = {}) {
-    return (middleware) => {
-        return async (request) => {
-            const response = await applyAuth(authConfig, request);
-            if (response)
-                return response;
-            return middleware(request);
-        };
-    };
-}
-//# sourceMappingURL=middleware.js.map

package/dist/esm/nextjs/middleware.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../src/nextjs/middleware.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAMvD,iBAAiB;AACjB,YAAY;AACZ,QAAQ;AACR,UAAU;AACV,gBAAgB;AAChB,MAAM,SAAS,GAAG,CAAC,QAAgB,EAAE,WAAmB,EAAE,EAAE;IAC1D,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IACvC,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC,CAAC;AAEF,iBAAiB;AACjB,YAAY;AACZ,QAAQ;AACR,UAAU;AACV,gBAAgB;AAChB,MAAM,YAAY,GAAG,CAAC,QAAgB,EAAE,QAAkB,EAAE,EAAE,CAC5D,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AACtC,CAAC,CAAC,CAAC;AAEL,4CAA4C;AAC5C,MAAM,SAAS,GAAG,KAAK,EACrB,UAA8B,EAC9B,OAAoB,EACe,EAAE;IACrC,MAAM,sBAAsB,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC7D,iCAAiC;IACjC,MAAM,eAAe,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE1D,4CAA4C;IAC5C,IACE,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,sBAAsB,CAAC,QAAQ;QAC5D,OAAO,CAAC,MAAM,KAAK,KAAK,EACxB,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACpE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,sBAAsB,CAAC,QAAQ,EAC/B,OAAO,CAAC,OAAO,CAAC,MAAM,CACvB,CAAC;QACF,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,4CAA4C,WAAW,GAAG,CAAC,CAAC;QACxE,OAAO,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,cAAc,GACzB,CAAC,aAAiC,EAAE,EAAE,EAAE,CACxC,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACtD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,mEAAmE;IACnE,wEAAwE;IACxE,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;AAC7B,CAAC,CAAC;AAEJ;;;;;;;GAOG;AACH,sDAAsD;AACtD,MAAM,UAAU,QAAQ,CACtB,UAAsB;IAEtB,OAAO,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,IAAI,CAAC,aAAiC,EAAE;IACtD,OAAO,CACL,UAAsB,EAC6B,EAAE;QACrD,OAAO,KAAK,EAAE,OAAoB,EAAyB,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACtD,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YAE9B,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n *    console.log('in custom middleware', request.nextUrl.pathname);\n *    return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n *   console.log('in custom middleware', request.url);\n *   return NextResponse.next();\n * })\n *\n */\nimport type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport type { OptionalAuthConfig } from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\n\ntype Middleware = (\n  request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n  const matches = picomatch(globPattern);\n  return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n  patterns.some((pattern) => {\n    if (!pattern) return false;\n    return matchGlob(pathname, pattern);\n  });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n  authConfig: OptionalAuthConfig,\n  request: NextRequest,\n): Promise<NextResponse | undefined> => {\n  const authConfigWithDefaults = resolveAuthConfig(authConfig);\n  // Check for any valid auth token\n  const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n  // skip auth check for redirect to login url\n  if (\n    request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&\n    request.method === \"GET\"\n  ) {\n    console.log(\"→ Skipping auth check - this is the login URL\");\n    return undefined;\n  }\n\n  if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n    console.log(\"→ Skipping auth check - path not in include patterns\");\n    return undefined;\n  }\n\n  if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n    console.log(\"→ Skipping auth check - path in exclude patterns\");\n    return undefined;\n  }\n\n  // Check for either token type\n  if (!isAuthenticated) {\n    const loginUrl = new URL(\n      authConfigWithDefaults.loginUrl,\n      request.nextUrl.origin,\n    );\n    const redirectUrl = `${loginUrl.toString()}`;\n    console.log(`→ No valid token found - redirecting to \"${redirectUrl}\"`);\n    return NextResponse.redirect(redirectUrl);\n  }\n\n  console.log(\"→ Auth check passed\");\n  return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n  (authConfig: OptionalAuthConfig = {}) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const response = await applyAuth(authConfig, request);\n    if (response) return response;\n\n    // NextJS doesn't do middleware chaining yet, so this does not mean\n    // \"call the next middleware\" - it means \"continue to the route handler\"\n    return NextResponse.next();\n  };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n  middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n  return auth()(middleware);\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * export default auth(authConfig: AuthConfig ) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n *\n */\nexport function auth(authConfig: OptionalAuthConfig = {}) {\n  return (\n    middleware: Middleware,\n  ): ((request: NextRequest) => Promise<NextResponse>) => {\n    return async (request: NextRequest): Promise<NextResponse> => {\n      const response = await applyAuth(authConfig, request);\n      if (response) return response;\n\n      return middleware(request);\n    };\n  };\n}\n"]}

package/dist/esm/nextjs/providers/NextAuthProvider.d.ts

@@ -1,9 +0,0 @@
-import { type AuthConfigWithDefaults } from "../../nextjs/config.js";
-import type { AuthProviderProps } from "../../shared/providers/types.js";
-type NextCivicAuthProviderInternalProps = Omit<AuthProviderProps, "clientId"> & {
-    resolvedConfig: AuthConfigWithDefaults;
-};
-type NextCivicAuthProviderProps = Omit<NextCivicAuthProviderInternalProps, "clientId" | "resolvedConfig" | "redirectUrl">;
-declare const CivicNextAuthProvider: ({ children, ...props }: NextCivicAuthProviderProps) => import("@emotion/react/jsx-runtime").JSX.Element;
-export { CivicNextAuthProvider, type NextCivicAuthProviderProps };
-//# sourceMappingURL=NextAuthProvider.d.ts.map

package/dist/esm/nextjs/providers/NextAuthProvider.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAKA,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,oBAAoB,CAAC;AAe5B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAcrE,KAAK,kCAAkC,GAAG,IAAI,CAC5C,iBAAiB,EACjB,UAAU,CACX,GAAG;IACF,cAAc,EAAE,sBAAsB,CAAC;CACxC,CAAC;AACF,KAAK,0BAA0B,GAAG,IAAI,CACpC,kCAAkC,EAClC,UAAU,GAAG,gBAAgB,GAAG,aAAa,CAC9C,CAAC;AA2HF,QAAA,MAAM,qBAAqB,2BAGxB,0BAA0B,qDA0C5B,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAE,KAAK,0BAA0B,EAAE,CAAC"}

package/dist/esm/nextjs/providers/NextAuthProvider.js

@@ -1,105 +0,0 @@
-"use client";
-import { jsx as _jsx, jsxs as _jsxs } from "@emotion/react/jsx-runtime";
-/**
- * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.
- */
-import React, { useCallback, useEffect, useState } from "react";
-import { resolveAuthConfig, } from "../../nextjs/config.js";
-import { resolveCallbackUrl } from "../../nextjs/utils.js";
-import { ConfidentialClientPKCEConsumer } from "../../services/PKCE.js";
-import { UserProvider } from "../../shared/providers/UserProvider.js";
-import { useUserCookie } from "../../nextjs/hooks/useUserCookie.js";
-import { CivicAuthConfigProvider } from "../../shared/providers/CivicAuthConfigContext.js";
-import { SessionProvider } from "../../shared/providers/SessionProvider.js";
-import { IframeProvider } from "../../shared/providers/IframeProvider.js";
-import { TokenProvider } from "../../shared/providers/TokenProvider.js";
-import { useSignIn } from "../../shared/hooks/useSignIn.js";
-import { useCivicAuthConfig } from "../../shared/hooks/useCivicAuthConfig.js";
-import { IFrameAndLoading } from "../../shared/components/IFrameAndLoading.js";
-import { BlockDisplay } from "../../shared/components/BlockDisplay.js";
-import { LoadingIcon } from "../../shared/components/LoadingIcon.js";
-import { useIframe } from "../../shared/hooks/useIframe.js";
-import { useIsInIframe } from "../../shared/hooks/useIsInIframe.js";
-import { AuthStatus } from "../../types.js";
-import { useRefresh } from "../../nextjs/hooks/useRefresh.js";
-import { useCurrentUrl, useSession } from "../../shared/hooks/index.js";
-import { BrowserCookieStorage } from "../../shared/index.js";
-const CivicNextAuthTokenProviderInternal = ({ children, isLoading, displayMode = "iframe", user, fetchUser, ...props }) => {
-    const { iframeMode, resolvedConfig } = props;
-    const { iframeRef, setIframeIsVisible } = useIframe();
-    const civicAuthConfig = useCivicAuthConfig();
-    const { challengeUrl } = resolvedConfig;
-    const pkceConsumer = new ConfidentialClientPKCEConsumer(challengeUrl);
-    const { data: session } = useSession();
-    const currentUrl = useCurrentUrl();
-    useEffect(() => {
-        if (session?.authenticated) {
-            // the session is authenticated, so don't show the login iframe
-            setIframeIsVisible(false);
-            return;
-        }
-    }, [session?.authenticated, setIframeIsVisible]);
-    const postSignOut = useCallback(async () => {
-        // user is signed out, manually update the user from cookies to not wait for polling
-        await fetchUser();
-        await props?.onSignOut?.();
-    }, [fetchUser, props]);
-    const { signIn, startSignIn, signOut, authStatus } = useSignIn({
-        postSignOut,
-        pkceConsumer,
-        displayMode,
-    });
-    useEffect(() => {
-        if (civicAuthConfig &&
-            !session?.authenticated &&
-            iframeRef?.current &&
-            authStatus === AuthStatus.UNAUTHENTICATED &&
-            displayMode === "iframe" &&
-            !currentUrl?.includes("code=")) {
-            startSignIn();
-        }
-        // eslint-disable-next-line react-hooks/exhaustive-deps
-    }, [
-        currentUrl,
-        iframeMode,
-        iframeRef,
-        civicAuthConfig,
-        session?.authenticated,
-        authStatus,
-        startSignIn,
-        displayMode,
-    ]);
-    const { error: refreshError } = useRefresh(session);
-    useEffect(() => {
-        if (refreshError) {
-            console.error("Error refreshing token, signing out...", refreshError);
-            signOut();
-        }
-    }, [refreshError, signOut]);
-    return (_jsx(TokenProvider, { children: _jsxs(UserProvider, { storage: new BrowserCookieStorage(), user: user, signOut: signOut, signIn: signIn, displayMode: displayMode, authStatus: authStatus, children: [_jsx(IFrameAndLoading, { error: null, isLoading: isLoading }), isLoading && (_jsx(BlockDisplay, { children: _jsx(LoadingIcon, {}) })), children] }) }));
-};
-const CivicNextAuthProviderInternal = ({ children, ...props }) => {
-    // if the SDK loads in an iframe, we show the loading spinner as the iframe
-    // will be waiting to be minimized
-    const isLoading = useIsInIframe();
-    const { user, idToken, fetchUser } = useUserCookie();
-    const session = {
-        authenticated: !!user,
-        idToken,
-    };
-    return (_jsx(SessionProvider, { data: session, isLoading: isLoading, children: _jsx(CivicNextAuthTokenProviderInternal, { ...props, user: user, idToken: idToken, fetchUser: fetchUser, isLoading: isLoading, children: children }) }));
-};
-const CivicNextAuthProvider = ({ children, ...props }) => {
-    const resolvedConfig = resolveAuthConfig();
-    const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl, refreshUrl, logoutCallbackUrl, } = resolvedConfig;
-    const [redirectUrl, setRedirectUrl] = useState("");
-    useEffect(() => {
-        if (typeof globalThis.window !== "undefined") {
-            const appUrl = globalThis.window.location.origin;
-            setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));
-        }
-    }, [callbackUrl, resolvedConfig]);
-    return (_jsx(CivicAuthConfigProvider, { oauthServer: oauthServer, clientId: clientId, redirectUrl: redirectUrl, logoutRedirectUrl: logoutCallbackUrl, nonce: props?.nonce, challengeUrl: challengeUrl, refreshUrl: refreshUrl, logoutUrl: logoutUrl, logoutCallbackUrl: logoutCallbackUrl, children: _jsx(IframeProvider, { iframeMode: props.iframeMode, children: _jsx(CivicNextAuthProviderInternal, { ...props, resolvedConfig: resolvedConfig, children: children }) }) }));
-};
-export { CivicNextAuthProvider };
-//# sourceMappingURL=NextAuthProvider.js.map

package/dist/esm/nextjs/providers/NextAuthProvider.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"NextAuthProvider.js","sourceRoot":"","sources":["../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AACb;;GAEG;AACH,OAAO,KAAK,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAChE,OAAO,EACL,iBAAiB,GAElB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8CAA8C,CAAC;AACvF,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AACtE,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,qCAAqC,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAExD,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAChE,OAAO,EAAE,UAAU,EAAiC,MAAM,YAAY,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAoBzD,MAAM,kCAAkC,GAAG,CAEzC,EACA,QAAQ,EACR,SAAS,EACT,WAAW,GAAG,QAAQ,EACtB,IAAI,EACJ,SAAS,EACT,GAAG,KAAK,EACuC,EAAE,EAAE;IACnD,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IAC7C,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,SAAS,EAAE,CAAC;IACtD,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;IAC7C,MAAM,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IACxC,MAAM,YAAY,GAAG,IAAI,8BAA8B,CAAC,YAAY,CAAC,CAAC;IACtE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,+DAA+D;YAC/D,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO;QACT,CAAC;IACH,CAAC,EAAE,CAAC,OAAO,EAAE,aAAa,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAEjD,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACzC,oFAAoF;QACpF,MAAM,SAAS,EAAE,CAAC;QAClB,MAAM,KAAK,EAAE,SAAS,EAAE,EAAE,CAAC;IAC7B,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;IAEvB,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;QAC7D,WAAW;QACX,YAAY;QACZ,WAAW;KACZ,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,IACE,eAAe;YACf,CAAC,OAAO,EAAE,aAAa;YACvB,SAAS,EAAE,OAAO;YAClB,UAAU,KAAK,UAAU,CAAC,eAAe;YACzC,WAAW,KAAK,QAAQ;YACxB,CAAC,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,EAC9B,CAAC;YACD,WAAW,EAAE,CAAC;QAChB,CAAC;QACD,uDAAuD;IACzD,CAAC,EAAE;QACD,UAAU;QACV,UAAU;QACV,SAAS;QACT,eAAe;QACf,OAAO,EAAE,aAAa;QACtB,UAAU;QACV,WAAW;QACX,WAAW;KACZ,CAAC,CAAC;IAEH,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IAEpD,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,YAAY,CAAC,CAAC;YACtE,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,EAAE,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;IAE5B,OAAO,CACL,KAAC,aAAa,cACZ,MAAC,YAAY,IACX,OAAO,EAAE,IAAI,oBAAoB,EAAE,EACnC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,WAAW,EACxB,UAAU,EAAE,UAAU,aAEtB,KAAC,gBAAgB,IAAC,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,GAAI,EACtD,SAAS,IAAI,CACZ,KAAC,YAAY,cACX,KAAC,WAAW,KAAG,GACF,CAChB,EACA,QAAQ,IACI,GACD,CACjB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,6BAA6B,GAAG,CAAC,EACrC,QAAQ,EACR,GAAG,KAAK,EAC2B,EAAE,EAAE;IACvC,2EAA2E;IAC3E,kCAAkC;IAClC,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAClC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,aAAa,EAAE,CAAC;IAErD,MAAM,OAAO,GAAG;QACd,aAAa,EAAE,CAAC,CAAC,IAAI;QACrB,OAAO;KACR,CAAC;IAEF,OAAO,CACL,KAAC,eAAe,IAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,YAClD,KAAC,kCAAkC,OAC7B,KAAK,EACT,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,OAAO,EAChB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,SAAS,YAEnB,QAAQ,GAC0B,GACrB,CACnB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,EAC7B,QAAQ,EACR,GAAG,KAAK,EACmB,EAAE,EAAE;IAC/B,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;IAC3C,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,WAAW,EACX,YAAY,EACZ,SAAS,EACT,UAAU,EACV,iBAAiB,GAClB,GAAG,cAAc,CAAC;IACnB,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAS,EAAE,CAAC,CAAC;IAE3D,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YACjD,cAAc,CAAC,kBAAkB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;IAElC,OAAO,CACL,KAAC,uBAAuB,IACtB,WAAW,EAAE,WAAW,EACxB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,WAAW,EACxB,iBAAiB,EAAE,iBAAiB,EACpC,KAAK,EAAE,KAAK,EAAE,KAAK,EACnB,YAAY,EAAE,YAAY,EAC1B,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,SAAS,EACpB,iBAAiB,EAAE,iBAAiB,YAEpC,KAAC,cAAc,IAAC,UAAU,EAAE,KAAK,CAAC,UAAU,YAC1C,KAAC,6BAA6B,OACxB,KAAK,EACT,cAAc,EAAE,cAAc,YAE7B,QAAQ,GACqB,GACjB,GACO,CAC3B,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAmC,CAAC","sourcesContent":["\"use client\";\n/**\n * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport React, { useCallback, useEffect, useState } from \"react\";\nimport {\n  resolveAuthConfig,\n  type AuthConfigWithDefaults,\n} from \"@/nextjs/config.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { UserProvider } from \"@/shared/providers/UserProvider.js\";\nimport { useUserCookie } from \"@/nextjs/hooks/useUserCookie.js\";\nimport { CivicAuthConfigProvider } from \"@/shared/providers/CivicAuthConfigContext.js\";\nimport { SessionProvider } from \"@/shared/providers/SessionProvider.js\";\nimport { IframeProvider } from \"@/shared/providers/IframeProvider.js\";\nimport { TokenProvider } from \"@/shared/providers/TokenProvider.js\";\nimport { useSignIn } from \"@/shared/hooks/useSignIn.js\";\nimport { useCivicAuthConfig } from \"@/shared/hooks/useCivicAuthConfig.js\";\nimport { IFrameAndLoading } from \"@/shared/components/IFrameAndLoading.js\";\nimport { BlockDisplay } from \"@/shared/components/BlockDisplay.js\";\nimport { LoadingIcon } from \"@/shared/components/LoadingIcon.js\";\nimport { useIframe } from \"@/shared/hooks/useIframe.js\";\nimport type { AuthProviderProps } from \"@/shared/providers/types.js\";\nimport { useIsInIframe } from \"@/shared/hooks/useIsInIframe.js\";\nimport { AuthStatus, type UnknownObject, type User } from \"@/types.js\";\nimport { useRefresh } from \"@/nextjs/hooks/useRefresh.js\";\nimport { useCurrentUrl, useSession } from \"@/shared/hooks/index.js\";\nimport { BrowserCookieStorage } from \"@/shared/index.js\";\n\ntype CivicNextAuthTokenProviderInternalProps<TUser extends UnknownObject> =\n  NextCivicAuthProviderInternalProps & {\n    isLoading: boolean;\n    idToken?: string;\n    user: User<TUser> | null;\n    fetchUser: () => Promise<void>;\n  };\ntype NextCivicAuthProviderInternalProps = Omit<\n  AuthProviderProps,\n  \"clientId\"\n> & {\n  resolvedConfig: AuthConfigWithDefaults;\n};\ntype NextCivicAuthProviderProps = Omit<\n  NextCivicAuthProviderInternalProps,\n  \"clientId\" | \"resolvedConfig\" | \"redirectUrl\"\n>;\n\nconst CivicNextAuthTokenProviderInternal = <\n  TUser extends UnknownObject = UnknownObject,\n>({\n  children,\n  isLoading,\n  displayMode = \"iframe\",\n  user,\n  fetchUser,\n  ...props\n}: CivicNextAuthTokenProviderInternalProps<TUser>) => {\n  const { iframeMode, resolvedConfig } = props;\n  const { iframeRef, setIframeIsVisible } = useIframe();\n  const civicAuthConfig = useCivicAuthConfig();\n  const { challengeUrl } = resolvedConfig;\n  const pkceConsumer = new ConfidentialClientPKCEConsumer(challengeUrl);\n  const { data: session } = useSession();\n  const currentUrl = useCurrentUrl();\n\n  useEffect(() => {\n    if (session?.authenticated) {\n      // the session is authenticated, so don't show the login iframe\n      setIframeIsVisible(false);\n      return;\n    }\n  }, [session?.authenticated, setIframeIsVisible]);\n\n  const postSignOut = useCallback(async () => {\n    // user is signed out, manually update the user from cookies to not wait for polling\n    await fetchUser();\n    await props?.onSignOut?.();\n  }, [fetchUser, props]);\n\n  const { signIn, startSignIn, signOut, authStatus } = useSignIn({\n    postSignOut,\n    pkceConsumer,\n    displayMode,\n  });\n\n  useEffect(() => {\n    if (\n      civicAuthConfig &&\n      !session?.authenticated &&\n      iframeRef?.current &&\n      authStatus === AuthStatus.UNAUTHENTICATED &&\n      displayMode === \"iframe\" &&\n      !currentUrl?.includes(\"code=\")\n    ) {\n      startSignIn();\n    }\n    // eslint-disable-next-line react-hooks/exhaustive-deps\n  }, [\n    currentUrl,\n    iframeMode,\n    iframeRef,\n    civicAuthConfig,\n    session?.authenticated,\n    authStatus,\n    startSignIn,\n    displayMode,\n  ]);\n\n  const { error: refreshError } = useRefresh(session);\n\n  useEffect(() => {\n    if (refreshError) {\n      console.error(\"Error refreshing token, signing out...\", refreshError);\n      signOut();\n    }\n  }, [refreshError, signOut]);\n\n  return (\n    <TokenProvider>\n      <UserProvider\n        storage={new BrowserCookieStorage()}\n        user={user}\n        signOut={signOut}\n        signIn={signIn}\n        displayMode={displayMode}\n        authStatus={authStatus}\n      >\n        <IFrameAndLoading error={null} isLoading={isLoading} />\n        {isLoading && (\n          <BlockDisplay>\n            <LoadingIcon />\n          </BlockDisplay>\n        )}\n        {children}\n      </UserProvider>\n    </TokenProvider>\n  );\n};\n\nconst CivicNextAuthProviderInternal = ({\n  children,\n  ...props\n}: NextCivicAuthProviderInternalProps) => {\n  // if the SDK loads in an iframe, we show the loading spinner as the iframe\n  // will be waiting to be minimized\n  const isLoading = useIsInIframe();\n  const { user, idToken, fetchUser } = useUserCookie();\n\n  const session = {\n    authenticated: !!user,\n    idToken,\n  };\n\n  return (\n    <SessionProvider data={session} isLoading={isLoading}>\n      <CivicNextAuthTokenProviderInternal\n        {...props}\n        user={user}\n        idToken={idToken}\n        fetchUser={fetchUser}\n        isLoading={isLoading}\n      >\n        {children}\n      </CivicNextAuthTokenProviderInternal>\n    </SessionProvider>\n  );\n};\n\nconst CivicNextAuthProvider = ({\n  children,\n  ...props\n}: NextCivicAuthProviderProps) => {\n  const resolvedConfig = resolveAuthConfig();\n  const {\n    clientId,\n    oauthServer,\n    callbackUrl,\n    challengeUrl,\n    logoutUrl,\n    refreshUrl,\n    logoutCallbackUrl,\n  } = resolvedConfig;\n  const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n\n  useEffect(() => {\n    if (typeof globalThis.window !== \"undefined\") {\n      const appUrl = globalThis.window.location.origin;\n      setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));\n    }\n  }, [callbackUrl, resolvedConfig]);\n\n  return (\n    <CivicAuthConfigProvider\n      oauthServer={oauthServer}\n      clientId={clientId}\n      redirectUrl={redirectUrl}\n      logoutRedirectUrl={logoutCallbackUrl}\n      nonce={props?.nonce}\n      challengeUrl={challengeUrl}\n      refreshUrl={refreshUrl}\n      logoutUrl={logoutUrl}\n      logoutCallbackUrl={logoutCallbackUrl}\n    >\n      <IframeProvider iframeMode={props.iframeMode}>\n        <CivicNextAuthProviderInternal\n          {...props}\n          resolvedConfig={resolvedConfig}\n        >\n          {children}\n        </CivicNextAuthProviderInternal>\n      </IframeProvider>\n    </CivicAuthConfigProvider>\n  );\n};\n\nexport { CivicNextAuthProvider, type NextCivicAuthProviderProps };\n"]}

package/dist/esm/nextjs/routeHandler.d.ts

@@ -1,19 +0,0 @@
-import type { AuthConfig } from "../nextjs/config.js";
-import type { NextRequest } from "next/server.js";
-import { NextResponse } from "next/server.js";
-export declare function handleLogout(request: NextRequest, config: AuthConfig): Promise<NextResponse>;
-export declare function handleLogoutCallback(request: NextRequest, config: AuthConfig): Promise<NextResponse>;
-/**
- * Creates an authentication handler for Next.js API routes
- *
- * Usage:
- * ```ts
- * // app/api/auth/[...civicauth]/route.ts
- * import { handler } from '@civic/auth/nextjs'
- * export const GET = handler({
- *   // optional config overrides
- * })
- * ```
- */
-export declare const handler: (authConfig?: {}) => (request: NextRequest) => Promise<NextResponse>;
-//# sourceMappingURL=routeHandler.d.ts.map

package/dist/esm/nextjs/routeHandler.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAWrD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAiR9C,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CAiCvB;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CAmDvB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,OAAO,iCAEF,WAAW,KAAG,OAAO,CAAC,YAAY,CAkCjD,CAAC"}

package/dist/esm/nextjs/routeHandler.js

@@ -1,319 +0,0 @@
-import { TOKEN_EXCHANGE_SUCCESS_TEXT, TOKEN_EXCHANGE_TRIGGER_TEXT, } from "../constants.js";
-import { loggers } from "../lib/logger.js";
-import { displayModeFromState, serverTokenExchangeFromState, } from "../lib/oauth.js";
-import { resolveAuthConfig } from "../nextjs/config.js";
-import { clearAuthCookies, NextjsCookieStorage } from "../nextjs/cookies.js";
-import { getUser } from "../nextjs/index.js";
-import { resolveCallbackUrl } from "../nextjs/utils.js";
-import { resolveOAuthAccessCode } from "../server/login.js";
-import { GenericPublicClientPKCEProducer } from "../services/PKCE.js";
-import { CodeVerifier, OAuthTokens } from "../shared/lib/types.js";
-import { GenericUserSession } from "../shared/lib/UserSession.js";
-import { generateOauthLogoutUrl } from "../shared/lib/util.js";
-import { revalidatePath } from "next/cache.js";
-import { NextResponse } from "next/server.js";
-import { NextServerAuthenticationRefresherImpl } from "./NextServerAuthenticationRefresherImpl.js";
-const logger = loggers.nextjs.handlers.auth;
-class AuthError extends Error {
-    status;
-    constructor(message, status = 401) {
-        super(message);
-        this.status = status;
-        this.name = "AuthError";
-    }
-}
-const getAppUrl = (request) => request.cookies.get(CodeVerifier.APP_URL)?.value ||
-    request.nextUrl.searchParams.get("appUrl");
-const getIdToken = async (config) => {
-    const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});
-    return cookieStorage.get(OAuthTokens.ID_TOKEN);
-};
-/**
- * create a code verifier and challenge for PKCE
- * saving the verifier in a cookie for later use
- * @returns {Promise<NextResponse>}
- */
-async function handleChallenge(request, config) {
-    const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});
-    const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);
-    const challenge = await pkceProducer.getCodeChallenge();
-    const appUrl = request.nextUrl.searchParams.get("appUrl");
-    if (appUrl) {
-        cookieStorage.set(CodeVerifier.APP_URL, appUrl);
-    }
-    return NextResponse.json({ status: "success", challenge });
-}
-async function performTokenExchangeAndSetCookies(config, code, state, appUrl) {
-    const resolvedConfigs = resolveAuthConfig(config);
-    // TODO This is messy, better would be to fix the config.cookies type to always be <name: settings>
-    // rather than nesting the tokens-related ones *and* code-verifier inside "tokens"
-    // (despite code-verifier not relating directly to tokens)
-    const cookieStorage = new NextjsCookieStorage({
-        ...resolvedConfigs.cookies.tokens,
-        user: resolvedConfigs.cookies.user,
-    });
-    const callbackUrl = resolveCallbackUrl(resolvedConfigs, appUrl);
-    try {
-        await resolveOAuthAccessCode(code, state, cookieStorage, {
-            ...resolvedConfigs,
-            redirectUrl: callbackUrl,
-        });
-    }
-    catch (error) {
-        logger.error("Token exchange failed:", error);
-        throw new AuthError("Failed to authenticate user", 401);
-    }
-    const user = await getUser();
-    if (!user) {
-        throw new AuthError("Failed to get user info", 401);
-    }
-    const userSession = new GenericUserSession(cookieStorage);
-    await userSession.set(user);
-}
-async function handleRefresh(_request, config) {
-    const resolvedConfigs = resolveAuthConfig(config);
-    const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});
-    try {
-        const onError = (error) => {
-            logger.error("handleRefresh: Token refresh failed:", error);
-            throw new AuthError("Failed to refresh tokens", 500);
-        };
-        const refresher = await NextServerAuthenticationRefresherImpl.build({
-            clientId: resolvedConfigs.clientId,
-            oauthServer: resolvedConfigs.oauthServer,
-            redirectUrl: resolvedConfigs.callbackUrl,
-            refreshUrl: resolvedConfigs.refreshUrl,
-        }, cookieStorage, onError);
-        const tokens = await refresher.refreshAccessToken();
-        return NextResponse.json({ status: "success", tokens });
-    }
-    catch (error) {
-        logger.error("handleRefresh: Token refresh failed:", error);
-        throw new AuthError("Failed to refresh tokens", 500);
-    }
-}
-const generateHtmlResponseWithCallback = (request, callbackUrl) => {
-    // we need to replace the URL with resolved config in case the server is hosted
-    // behind a reverse proxy or load balancer
-    const requestUrl = new URL(request.url);
-    const fetchUrl = `${callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainCallback=true`;
-    return new NextResponse(`<html lang="en">
-         <body>
-             <span style="display:none">
-                 <script>
-                     window.onload = function () {
-                         const appUrl = globalThis.window?.location?.origin;
-                         fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {
-                             response.json().then((jsonResponse) => {
-                                 if (jsonResponse.redirectUrl) {
-                                     window.location.href = jsonResponse.redirectUrl;
-                                 }
-                             });
-                         });
-                     };
-                 </script>
-             </span>
-         </body>
-     </html>
-    `);
-};
-async function handleCallback(request, config) {
-    const resolvedConfigs = resolveAuthConfig(config);
-    const code = request.nextUrl.searchParams.get("code");
-    const state = request.nextUrl.searchParams.get("state");
-    if (!code || !state)
-        throw new AuthError("Bad parameters", 400);
-    // appUrl is passed from the client to the server in the query string
-    // this is necessary because the server does not have access to the client's window.location.origin
-    // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)
-    const appUrl = getAppUrl(request);
-    // If we have a code_verifier cookie and the appUrl, we can do a token exchange.
-    // Otherwise, just render an empty page.
-    // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.
-    // The client will make an additional call to this route with cookies included, at which point we do the token exchange.
-    const codeVerifier = request.cookies.get(CodeVerifier.COOKIE_NAME);
-    if (!codeVerifier || !appUrl) {
-        logger.debug("handleCallback no code_verifier found", {
-            state,
-            serverTokenExchange: serverTokenExchangeFromState(`${state}`),
-        });
-        let response = new NextResponse(`<html lang="en"><body><span style="display:none">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`);
-        // in server-side token exchange mode we need to launch a page that will trigger the token exchange
-        // from the same domain, allowing it access to the code_verifier cookie
-        // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange
-        // if no code-verifier cookie is found
-        if (state && serverTokenExchangeFromState(state)) {
-            logger.debug("handleCallback serverTokenExchangeFromState, launching redirect page...", {
-                requestUrl: request.url,
-                configCallbackUrl: resolvedConfigs.callbackUrl,
-            });
-            // generate a page that will callback to the same domain, allowing access
-            // to the code_verifier cookie and passing the appUrl.
-            response = generateHtmlResponseWithCallback(request, resolvedConfigs.callbackUrl);
-        }
-        response.headers.set("Content-Type", "text/html; charset=utf-8");
-        logger.debug(`handleCallback no code_verifier found, returning ${TOKEN_EXCHANGE_TRIGGER_TEXT}`);
-        return response;
-    }
-    await performTokenExchangeAndSetCookies(resolvedConfigs, code, state, appUrl);
-    if (request.url.includes("sameDomainCallback=true")) {
-        logger.debug("handleCallback sameDomainCallback = true, returning redirectUrl", appUrl);
-        return NextResponse.json({
-            status: "success",
-            redirectUrl: appUrl,
-        });
-    }
-    // this is the case where a 'normal' redirect is happening
-    if (serverTokenExchangeFromState(state)) {
-        logger.debug("handleCallback serverTokenExchangeFromState, redirect to appUrl", appUrl);
-        if (!appUrl) {
-            throw new Error("appUrl undefined. Cannot redirect.");
-        }
-        return NextResponse.redirect(`${appUrl}`);
-    }
-    // return an empty HTML response so the iframe doesn't show any response
-    // in the short moment between the redirect and the parent window
-    // acknowledging the redirect and closing the iframe
-    const response = new NextResponse(`<html lang="en"><span style="display:none">${TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`);
-    response.headers.set("Content-Type", "text/html; charset=utf-8");
-    return response;
-}
-/**
- * If redirectPath is an absolute path, return it as-is.
- * Otherwise for relative paths, append it to the current domain.
- * @param redirectPath
- * @param currentBasePath
- * @returns
- */
-const getAbsoluteRedirectPath = (redirectPath, currentBasePath) => new URL(redirectPath, currentBasePath).href;
-const getPostLogoutRedirectUrl = (request, config) => {
-    const { loginUrl } = resolveAuthConfig(config);
-    const redirectTarget = loginUrl ?? "/";
-    // if the optional loginUrl is provided and it is an absolute URL,
-    // use it as the redirect target
-    const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
-    if (isAbsoluteRedirect) {
-        return redirectTarget;
-    }
-    // if loginUrl is not defined, the appUrl is passed from the client to the server
-    // in the query string or cookies. This is necessary because the server does not
-    // have access to the client's window.location and can not accurately determine
-    // the appUrl (specially if the app is behind a reverse proxy).
-    const appUrl = getAppUrl(request);
-    if (appUrl)
-        return getAbsoluteRedirectPath(redirectTarget, appUrl);
-    return null;
-};
-const revalidateUrlPath = async (url) => {
-    try {
-        const path = new URL(url).pathname;
-        revalidatePath(path);
-    }
-    catch (error) {
-        logger.warn("Failed to revalidate path after logout:", error);
-    }
-};
-export async function handleLogout(request, config) {
-    const resolvedConfigs = resolveAuthConfig(config);
-    const postLogoutUrl = new URL(resolvedConfigs.logoutCallbackUrl, getAppUrl(request) || request.url);
-    // read the id_token from the cookies
-    const idToken = await getIdToken(resolvedConfigs);
-    // read the state from the query parameters
-    const state = request.nextUrl.searchParams.get("state");
-    if (!state || !idToken) {
-        logger.error("handleLogout: missing state or idToken", { state, idToken });
-        // if token or state is missing, the logout call to the server will fail,
-        // (token has potentially expired already) so go straight to the postLogoutUrl
-        //  so the user can be signed out.
-        return NextResponse.redirect(`${postLogoutUrl}${state ? "?state=" + state : ""}`);
-    }
-    const logoutUrl = await generateOauthLogoutUrl({
-        clientId: resolvedConfigs.clientId,
-        idToken,
-        state,
-        redirectUrl: postLogoutUrl.href,
-        oauthServer: resolvedConfigs.oauthServer,
-    });
-    return NextResponse.redirect(`${logoutUrl.href}`);
-}
-export async function handleLogoutCallback(request, config) {
-    const resolvedConfigs = resolveAuthConfig(config);
-    const state = request.nextUrl.searchParams.get("state") || "";
-    const displayMode = displayModeFromState(state, "iframe");
-    const canAccessCookies = !!(await getIdToken(resolvedConfigs));
-    const isSameDomainCallback = request.url.includes("sameDomainCallback=true");
-    if (canAccessCookies || isSameDomainCallback) {
-        await clearAuthCookies();
-    }
-    let response;
-    // handle logout for iframe display mode
-    if (displayMode === "iframe") {
-        // try to read the token from cookies. If cookies cant be read/written
-        // because the request cames from a cross-origin redirect,
-        // we need to show a page that will trigger the logout from the same domain
-        if (canAccessCookies || isSameDomainCallback) {
-            // just return success
-            return NextResponse.json({ status: "success" });
-        }
-        // return a page that will trigger the logout from the same domain
-        response = generateHtmlResponseWithCallback(request, resolvedConfigs.logoutCallbackUrl);
-        response.headers.set("Content-Type", "text/html; charset=utf-8");
-        return response;
-    }
-    // handle logout for non-iframe display mode
-    const redirectUrl = getPostLogoutRedirectUrl(request, resolvedConfigs);
-    if (redirectUrl && (canAccessCookies || isSameDomainCallback)) {
-        // just redirect to the app url
-        response = NextResponse.redirect(`${redirectUrl}`);
-        revalidateUrlPath(redirectUrl);
-    }
-    else {
-        logger.debug("handleLogout no redirectUrl found", { state });
-        response = generateHtmlResponseWithCallback(request, resolvedConfigs.logoutCallbackUrl);
-        response.headers.set("Content-Type", "text/html; charset=utf-8");
-    }
-    return response;
-}
-/**
- * Creates an authentication handler for Next.js API routes
- *
- * Usage:
- * ```ts
- * // app/api/auth/[...civicauth]/route.ts
- * import { handler } from '@civic/auth/nextjs'
- * export const GET = handler({
- *   // optional config overrides
- * })
- * ```
- */
-export const handler = (authConfig = {}) => async (request) => {
-    const config = resolveAuthConfig(authConfig);
-    try {
-        const pathname = request.nextUrl.pathname;
-        const pathSegments = pathname.split("/");
-        const lastSegment = pathSegments[pathSegments.length - 1];
-        switch (lastSegment) {
-            case "challenge":
-                return await handleChallenge(request, config);
-            case "callback":
-                return await handleCallback(request, config);
-            case "refresh":
-                return await handleRefresh(request, config);
-            case "logout":
-                return await handleLogout(request, config);
-            case "logoutcallback":
-                return await handleLogoutCallback(request, config);
-            default:
-                throw new AuthError(`Invalid auth route: ${pathname}`, 404);
-        }
-    }
-    catch (error) {
-        logger.error("Auth handler error:", error);
-        const status = error instanceof AuthError ? error.status : 500;
-        const message = error instanceof Error ? error.message : "Authentication failed";
-        const response = NextResponse.json({ error: message }, { status });
-        await clearAuthCookies();
-        return response;
-    }
-};
-//# sourceMappingURL=routeHandler.js.map