@civic/auth 0.9.1-beta.1 → 0.9.1-beta.4

package/dist/react-router-7/config.d.ts

@@ -0,0 +1,113 @@
+import type { UnknownObject } from "../types.js";
+import { type ReactRouterCookiesConfigObject } from "../shared/lib/cookieConfig.js";
+export type { ReactRouterCookiesConfigObject as CookiesConfigObject };
+/**
+ * Simplified user-facing configuration for Civic Auth React Router 7 integration
+ */
+export interface UserAuthConfig {
+    /** OAuth Client ID - Required */
+    clientId: string;
+    /** URL to redirect to after successful login - defaults to root of app */
+    loginSuccessUrl?: string;
+    /** OAuth Callback URL - defaults to /auth/callback */
+    callbackUrl?: string;
+    /** URL to redirect to after logout - defaults to / */
+    logoutUrl?: string;
+    /** The public-facing base URL for your application. Required when deploying behind reverse proxies */
+    baseUrl?: string;
+}
+/**
+ * Resolved configuration with all fallbacks applied
+ * Contains all configuration fields needed internally
+ */
+export interface ResolvedAuthConfig {
+    /** OAuth Client ID */
+    clientId: string;
+    /** OAuth Server URL */
+    oauthServer: string;
+    /** OAuth Callback URL */
+    callbackUrl: string;
+    /** Logout callback URL */
+    logoutCallbackUrl: string;
+    /** Login URL */
+    loginUrl: string;
+    /** Base URL */
+    baseUrl: string;
+    /** Login success URL (internal use only) */
+    loginSuccessUrl: string;
+    /** Logout URL */
+    logoutUrl: string;
+}
+/**
+ * Whitelisted frontend configuration that is safe to expose to the client
+ * Only contains fields that are safe for frontend consumption
+ */
+export interface WhitelistedFrontEndConfig {
+    /** OAuth Client ID */
+    clientId: string;
+    /** OAuth Server URL */
+    oauthServer: string;
+    /** OAuth Callback URL */
+    callbackUrl: string;
+    /** Logout callback URL */
+    logoutCallbackUrl: string;
+    /** Login URL */
+    loginUrl: string;
+    /** Base URL */
+    baseUrl: string;
+    /** Logout URL */
+    logoutUrl: string;
+}
+/**
+ * Internal logging configuration for Civic Auth
+ */
+export interface LoggingConfig {
+    /** Enable logging for these namespaces (e.g. "@civic/auth:*" or "@civic/auth:react-router:*") */
+    enableFor?: string;
+    /** Disable logging for these namespaces */
+    disableFor?: string;
+}
+/**
+ * Internal full configuration with all options
+ */
+export interface AuthConfig extends UserAuthConfig {
+    /** OAuth Server URL */
+    oauthServer: string;
+    /** Login URL path */
+    loginUrl?: string;
+    /** Refresh token URL path */
+    refreshUrl?: string;
+    /** User data endpoint URL path */
+    userUrl?: string;
+    /** Logout callback URL */
+    logoutCallbackUrl?: string;
+    /** OAuth scope */
+    scope?: string;
+    /** Routes to include in authentication checks */
+    include?: string[];
+    /** Routes to exclude from authentication checks */
+    exclude?: string[];
+    /** Environment variable overrides */
+    env?: UnknownObject;
+    /** Logging configuration */
+    logging?: LoggingConfig;
+}
+export interface AuthConfigWithDefaults extends AuthConfig {
+    loginUrl: string;
+    logoutUrl: string;
+    refreshUrl: string;
+    userUrl: string;
+    logoutCallbackUrl: string;
+    scope: string;
+    include: string[];
+    exclude: string[];
+    cookies: ReactRouterCookiesConfigObject;
+    logging?: LoggingConfig;
+}
+export declare const defaultAuthConfig: Partial<AuthConfigWithDefaults>;
+/**
+ * Creates a full internal configuration from simplified user config
+ */
+export declare function createCivicAuthConfig(userConfig: UserAuthConfig): AuthConfigWithDefaults;
+export declare function resolveAuthConfig(userConfig?: Partial<UserAuthConfig>): AuthConfigWithDefaults;
+//# sourceMappingURL=config.d.ts.map

package/dist/react-router-7/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/react-router-7/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,OAAO,EAEL,KAAK,8BAA8B,EACpC,MAAM,8BAA8B,CAAC;AAGtC,YAAY,EAAE,8BAA8B,IAAI,mBAAmB,EAAE,CAAC;AAItE;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,0EAA0E;IAC1E,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sDAAsD;IACtD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sDAAsD;IACtD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sGAAsG;IACtG,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,4CAA4C;IAC5C,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,yBAAyB;IACxC,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB;IACjB,SAAS,EAAE,MAAM,CAAC;CAGnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,iGAAiG;IACjG,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,UAAW,SAAQ,cAAc;IAChD,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,qBAAqB;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kCAAkC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,kBAAkB;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iDAAiD;IACjD,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,mDAAmD;IACnD,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,qCAAqC;IACrC,GAAG,CAAC,EAAE,aAAa,CAAC;IACpB,4BAA4B;IAC5B,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB;AAED,MAAM,WAAW,sBAAuB,SAAQ,UAAU;IACxD,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,8BAA8B,CAAC;IACxC,OAAO,CAAC,EAAE,aAAa,CAAC;CACzB;AAED,eAAO,MAAM,iBAAiB,EAAE,OAAO,CAAC,sBAAsB,CAQ7D,CAAC;AAIF;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,cAAc,GACzB,sBAAsB,CAoBxB;AAED,wBAAgB,iBAAiB,CAC/B,UAAU,GAAE,OAAO,CAAC,cAAc,CAAM,GACvC,sBAAsB,CA0DxB"}

package/dist/react-router-7/config.js

@@ -0,0 +1,88 @@
+import { loggers } from "../lib/logger.js";
+import debug from "debug";
+import { createReactRouterCookieConfig, } from "../shared/lib/cookieConfig.js";
+const logger = loggers.reactRouter.handlers.auth;
+export const defaultAuthConfig = {
+    // Backend route paths (these are the endpoints this React Router app provides)
+    loginUrl: "/auth/login",
+    scope: "openid profile email offline_access", // Added offline_access for refresh tokens
+    cookies: createReactRouterCookieConfig(),
+    logging: {
+        enableFor: undefined, // Logging off by default
+    },
+};
+let _resolvedConfig = null;
+/**
+ * Creates a full internal configuration from simplified user config
+ */
+export function createCivicAuthConfig(userConfig) {
+    const config = {
+        ...userConfig,
+        oauthServer: process.env.OAUTH_SERVER || "https://auth.civic.com/oauth",
+    };
+    return {
+        ...defaultAuthConfig,
+        ...config,
+        // Override callbackUrl default if user provided one
+        callbackUrl: userConfig.callbackUrl,
+        // Use logoutUrl from user config as logoutCallbackUrl
+        logoutCallbackUrl: userConfig.logoutUrl,
+        // Provide empty arrays for include/exclude if not specified
+        cookies: defaultAuthConfig.cookies, // Use default cookies, not user-configurable
+        logging: {
+            ...defaultAuthConfig.logging,
+            ...config.logging,
+        },
+    };
+}
+export function resolveAuthConfig(userConfig = {}) {
+    if (_resolvedConfig && Object.keys(userConfig).length === 0) {
+        return _resolvedConfig;
+    }
+    const mergedConfig = createCivicAuthConfig({
+        clientId: process.env.CLIENT_ID || userConfig.clientId || "",
+        ...userConfig,
+    });
+    logger.debug("Resolved config:", JSON.stringify(mergedConfig, null, 2));
+    if (!mergedConfig.clientId) {
+        logger.error("Civic Auth client ID is required");
+        throw new Error("Civic Auth client ID is required");
+    }
+    // Configure logging based on configuration
+    if (mergedConfig.logging) {
+        try {
+            if (mergedConfig.logging.enableFor) {
+                // Set the DEBUG environment variable
+                if (typeof process !== "undefined" && process.env) {
+                    process.env.DEBUG = mergedConfig.logging.enableFor;
+                }
+                // Reset debug internal state and enable the specified namespaces
+                debug.disable();
+                debug.enable(mergedConfig.logging.enableFor);
+                logger.debug(`Logging enabled for: ${mergedConfig.logging.enableFor}`);
+            }
+            if (mergedConfig.logging.disableFor) {
+                // To disable specific namespaces while keeping others enabled, we need to
+                // update the DEBUG environment variable directly
+                if (process.env.DEBUG) {
+                    const currentDebug = process.env.DEBUG;
+                    const disablePattern = mergedConfig.logging.disableFor;
+                    process.env.DEBUG = currentDebug
+                        .split(",")
+                        .filter((pattern) => pattern !== disablePattern)
+                        .join(",");
+                    // Reset debug internal state and re-enable with updated pattern
+                    debug.disable();
+                    debug.enable(process.env.DEBUG);
+                    logger.debug(`Logging disabled for: ${disablePattern}`);
+                }
+            }
+        }
+        catch (e) {
+            logger.error("Failed to configure logging:", e);
+        }
+    }
+    _resolvedConfig = mergedConfig;
+    return mergedConfig;
+}
+//# sourceMappingURL=config.js.map

package/dist/react-router-7/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/react-router-7/config.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EACL,6BAA6B,GAE9B,MAAM,8BAA8B,CAAC;AAKtC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC;AAiHjD,MAAM,CAAC,MAAM,iBAAiB,GAAoC;IAChE,+EAA+E;IAC/E,QAAQ,EAAE,aAAa;IACvB,KAAK,EAAE,qCAAqC,EAAE,0CAA0C;IACxF,OAAO,EAAE,6BAA6B,EAAE;IACxC,OAAO,EAAE;QACP,SAAS,EAAE,SAAS,EAAE,yBAAyB;KAChD;CACF,CAAC;AAEF,IAAI,eAAe,GAAkC,IAAI,CAAC;AAE1D;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,UAA0B;IAE1B,MAAM,MAAM,GAAe;QACzB,GAAG,UAAU;QACb,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,8BAA8B;KACxE,CAAC;IAEF,OAAO;QACL,GAAG,iBAAiB;QACpB,GAAG,MAAM;QACT,oDAAoD;QACpD,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,sDAAsD;QACtD,iBAAiB,EAAE,UAAU,CAAC,SAAS;QACvC,4DAA4D;QAC5D,OAAO,EAAE,iBAAiB,CAAC,OAAO,EAAE,6CAA6C;QACjF,OAAO,EAAE;YACP,GAAG,iBAAiB,CAAC,OAAO;YAC5B,GAAG,MAAM,CAAC,OAAO;SAClB;KACwB,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,aAAsC,EAAE;IAExC,IAAI,eAAe,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,MAAM,YAAY,GAAG,qBAAqB,CAAC;QACzC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,IAAI,EAAE;QAC5D,GAAG,UAAU;KACd,CAAC,CAAC;IAEH,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAExE,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;QAC3B,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,2CAA2C;IAC3C,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,IAAI,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBACnC,qCAAqC;gBACrC,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;oBAClD,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC;gBACrD,CAAC;gBAED,iEAAiE;gBACjE,KAAK,CAAC,OAAO,EAAE,CAAC;gBAChB,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAE7C,MAAM,CAAC,KAAK,CAAC,wBAAwB,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;YACzE,CAAC;YAED,IAAI,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;gBACpC,0EAA0E;gBAC1E,iDAAiD;gBACjD,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;oBACtB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC;oBACvC,MAAM,cAAc,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC;oBACvD,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,YAAY;yBAC7B,KAAK,CAAC,GAAG,CAAC;yBACV,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,cAAc,CAAC;yBAC/C,IAAI,CAAC,GAAG,CAAC,CAAC;oBAEb,gEAAgE;oBAChE,KAAK,CAAC,OAAO,EAAE,CAAC;oBAChB,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAEhC,MAAM,CAAC,KAAK,CAAC,yBAAyB,cAAc,EAAE,CAAC,CAAC;gBAC1D,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,eAAe,GAAG,YAAY,CAAC;IAC/B,OAAO,YAAY,CAAC;AACtB,CAAC","sourcesContent":["import type { UnknownObject } from \"@/types.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport debug from \"debug\";\nimport {\n  createReactRouterCookieConfig,\n  type ReactRouterCookiesConfigObject,\n} from \"@/shared/lib/cookieConfig.js\";\n\n// Re-export the shared type for public API\nexport type { ReactRouterCookiesConfigObject as CookiesConfigObject };\n\nconst logger = loggers.reactRouter.handlers.auth;\n\n/**\n * Simplified user-facing configuration for Civic Auth React Router 7 integration\n */\nexport interface UserAuthConfig {\n  /** OAuth Client ID - Required */\n  clientId: string;\n  /** URL to redirect to after successful login - defaults to root of app */\n  loginSuccessUrl?: string;\n  /** OAuth Callback URL - defaults to /auth/callback */\n  callbackUrl?: string;\n  /** URL to redirect to after logout - defaults to / */\n  logoutUrl?: string;\n  /** The public-facing base URL for your application. Required when deploying behind reverse proxies */\n  baseUrl?: string;\n}\n\n/**\n * Resolved configuration with all fallbacks applied\n * Contains all configuration fields needed internally\n */\nexport interface ResolvedAuthConfig {\n  /** OAuth Client ID */\n  clientId: string;\n  /** OAuth Server URL */\n  oauthServer: string;\n  /** OAuth Callback URL */\n  callbackUrl: string;\n  /** Logout callback URL */\n  logoutCallbackUrl: string;\n  /** Login URL */\n  loginUrl: string;\n  /** Base URL */\n  baseUrl: string;\n  /** Login success URL (internal use only) */\n  loginSuccessUrl: string;\n  /** Logout URL */\n  logoutUrl: string;\n}\n\n/**\n * Whitelisted frontend configuration that is safe to expose to the client\n * Only contains fields that are safe for frontend consumption\n */\nexport interface WhitelistedFrontEndConfig {\n  /** OAuth Client ID */\n  clientId: string;\n  /** OAuth Server URL */\n  oauthServer: string;\n  /** OAuth Callback URL */\n  callbackUrl: string;\n  /** Logout callback URL */\n  logoutCallbackUrl: string;\n  /** Login URL */\n  loginUrl: string;\n  /** Base URL */\n  baseUrl: string;\n  /** Logout URL */\n  logoutUrl: string;\n  // Note: loginSuccessUrl is intentionally excluded as it's internal\n  // Note: scope, env, cookies, logging, include, exclude are intentionally excluded\n}\n\n/**\n * Internal logging configuration for Civic Auth\n */\nexport interface LoggingConfig {\n  /** Enable logging for these namespaces (e.g. \"@civic/auth:*\" or \"@civic/auth:react-router:*\") */\n  enableFor?: string;\n  /** Disable logging for these namespaces */\n  disableFor?: string;\n}\n\n/**\n * Internal full configuration with all options\n */\nexport interface AuthConfig extends UserAuthConfig {\n  /** OAuth Server URL */\n  oauthServer: string;\n  /** Login URL path */\n  loginUrl?: string;\n  /** Refresh token URL path */\n  refreshUrl?: string;\n  /** User data endpoint URL path */\n  userUrl?: string;\n  /** Logout callback URL */\n  logoutCallbackUrl?: string;\n  /** OAuth scope */\n  scope?: string;\n  /** Routes to include in authentication checks */\n  include?: string[];\n  /** Routes to exclude from authentication checks */\n  exclude?: string[];\n  /** Environment variable overrides */\n  env?: UnknownObject;\n  /** Logging configuration */\n  logging?: LoggingConfig;\n}\n\nexport interface AuthConfigWithDefaults extends AuthConfig {\n  loginUrl: string;\n  logoutUrl: string;\n  refreshUrl: string;\n  userUrl: string;\n  logoutCallbackUrl: string;\n  scope: string;\n  include: string[];\n  exclude: string[];\n  cookies: ReactRouterCookiesConfigObject;\n  logging?: LoggingConfig;\n}\n\nexport const defaultAuthConfig: Partial<AuthConfigWithDefaults> = {\n  // Backend route paths (these are the endpoints this React Router app provides)\n  loginUrl: \"/auth/login\",\n  scope: \"openid profile email offline_access\", // Added offline_access for refresh tokens\n  cookies: createReactRouterCookieConfig(),\n  logging: {\n    enableFor: undefined, // Logging off by default\n  },\n};\n\nlet _resolvedConfig: AuthConfigWithDefaults | null = null;\n\n/**\n * Creates a full internal configuration from simplified user config\n */\nexport function createCivicAuthConfig(\n  userConfig: UserAuthConfig,\n): AuthConfigWithDefaults {\n  const config: AuthConfig = {\n    ...userConfig,\n    oauthServer: process.env.OAUTH_SERVER || \"https://auth.civic.com/oauth\",\n  };\n\n  return {\n    ...defaultAuthConfig,\n    ...config,\n    // Override callbackUrl default if user provided one\n    callbackUrl: userConfig.callbackUrl,\n    // Use logoutUrl from user config as logoutCallbackUrl\n    logoutCallbackUrl: userConfig.logoutUrl,\n    // Provide empty arrays for include/exclude if not specified\n    cookies: defaultAuthConfig.cookies, // Use default cookies, not user-configurable\n    logging: {\n      ...defaultAuthConfig.logging,\n      ...config.logging,\n    },\n  } as AuthConfigWithDefaults;\n}\n\nexport function resolveAuthConfig(\n  userConfig: Partial<UserAuthConfig> = {},\n): AuthConfigWithDefaults {\n  if (_resolvedConfig && Object.keys(userConfig).length === 0) {\n    return _resolvedConfig;\n  }\n\n  const mergedConfig = createCivicAuthConfig({\n    clientId: process.env.CLIENT_ID || userConfig.clientId || \"\",\n    ...userConfig,\n  });\n\n  logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n\n  if (!mergedConfig.clientId) {\n    logger.error(\"Civic Auth client ID is required\");\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n\n  // Configure logging based on configuration\n  if (mergedConfig.logging) {\n    try {\n      if (mergedConfig.logging.enableFor) {\n        // Set the DEBUG environment variable\n        if (typeof process !== \"undefined\" && process.env) {\n          process.env.DEBUG = mergedConfig.logging.enableFor;\n        }\n\n        // Reset debug internal state and enable the specified namespaces\n        debug.disable();\n        debug.enable(mergedConfig.logging.enableFor);\n\n        logger.debug(`Logging enabled for: ${mergedConfig.logging.enableFor}`);\n      }\n\n      if (mergedConfig.logging.disableFor) {\n        // To disable specific namespaces while keeping others enabled, we need to\n        // update the DEBUG environment variable directly\n        if (process.env.DEBUG) {\n          const currentDebug = process.env.DEBUG;\n          const disablePattern = mergedConfig.logging.disableFor;\n          process.env.DEBUG = currentDebug\n            .split(\",\")\n            .filter((pattern) => pattern !== disablePattern)\n            .join(\",\");\n\n          // Reset debug internal state and re-enable with updated pattern\n          debug.disable();\n          debug.enable(process.env.DEBUG);\n\n          logger.debug(`Logging disabled for: ${disablePattern}`);\n        }\n      }\n    } catch (e) {\n      logger.error(\"Failed to configure logging:\", e);\n    }\n  }\n\n  _resolvedConfig = mergedConfig;\n  return mergedConfig;\n}\n"]}

package/dist/react-router-7/cookies.d.ts

@@ -0,0 +1,41 @@
+import { CookieStorage } from "@civic/auth/server";
+/**
+ * React Router implementation of the CookieStorage interface for Civic Auth
+ * Uses individual cookies for each token type instead of session storage
+ */
+export declare class ReactRouterCookieStorage extends CookieStorage {
+    private cookies;
+    private currentRequest;
+    private cookieHeaders;
+    private isHttps;
+    constructor(request?: Request);
+    /**
+     * Initialize cookies with current configuration
+     */
+    private initializeCookies;
+    /**
+     * Get cookie headers to be set in the response
+     */
+    getCookieHeaders(): string[];
+    /**
+     * Get a value from a cookie
+     * Following React Router pattern: parse returns the object we serialized
+     */
+    get(key: string): Promise<string | null>;
+    /**
+     * Set a value in a cookie
+     * Following React Router pattern: https://reactrouter.com/api/utils/createCookie
+     * cookie.serialize(object) creates the complete "Set-Cookie" header string
+     */
+    set(key: string, value: string): Promise<void>;
+    /**
+     * Remove a value from a cookie
+     * Following React Router pattern: serialize with empty value and past expiration date
+     */
+    remove(key: string): Promise<void>;
+    /**
+     * Delete a value from a cookie (alias for remove)
+     */
+    delete(key: string): Promise<void>;
+}
+//# sourceMappingURL=cookies.d.ts.map

package/dist/react-router-7/cookies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../src/react-router-7/cookies.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AA4BnD;;;GAGG;AACH,qBAAa,wBAAyB,SAAQ,aAAa;IACzD,OAAO,CAAC,OAAO,CAAyB;IACxC,OAAO,CAAC,cAAc,CAAwB;IAC9C,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,OAAO,CAAkB;gBAErB,OAAO,CAAC,EAAE,OAAO;IAwB7B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAyDzB;;OAEG;IACH,gBAAgB,IAAI,MAAM,EAAE;IAI5B;;;OAGG;IACG,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA4B9C;;;;OAIG;IACG,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoBpD;;;OAGG;IACG,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAsBxC;;OAEG;IACG,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGzC"}

package/dist/react-router-7/cookies.js

@@ -0,0 +1,188 @@
+import { createCookie } from "react-router";
+import { CookieStorage } from "@civic/auth/server";
+import { resolveAuthConfig } from "./config.js";
+import { UserStorage } from "../shared/lib/types.js";
+import { loggers } from "../lib/logger.js";
+import { getProtocolFromRequest } from "../shared/lib/util.js";
+const logger = loggers.reactRouter.handlers.auth;
+/**
+ * Detect Safari browser from user agent
+ */
+const isSafariBrowser = (request) => {
+    if (!request)
+        return false;
+    const userAgent = request.headers.get("user-agent") || "";
+    return userAgent.includes("Safari") && !userAgent.includes("Chrome");
+};
+/**
+ * Detect if running on localhost
+ */
+const isLocalhostUrl = (request) => {
+    if (!request)
+        return false;
+    const url = new URL(request.url);
+    return url.hostname === "localhost" || url.hostname === "127.0.0.1";
+};
+/**
+ * React Router implementation of the CookieStorage interface for Civic Auth
+ * Uses individual cookies for each token type instead of session storage
+ */
+export class ReactRouterCookieStorage extends CookieStorage {
+    cookies;
+    currentRequest = null;
+    cookieHeaders = [];
+    isHttps = false;
+    constructor(request) {
+        const config = resolveAuthConfig();
+        // Start with default settings - will be updated when request is set
+        super({
+            secure: false, // Will be updated dynamically
+            sameSite: "lax", // Will be updated dynamically
+            httpOnly: false, // Allow frontend JavaScript to access cookies
+            path: "/", // Ensure cookies are available for all paths
+        });
+        // Set the request if provided
+        if (request) {
+            this.currentRequest = request;
+            // Detect HTTPS from request
+            const protocol = getProtocolFromRequest(request);
+            this.isHttps = protocol === "https:";
+        }
+        // Initialize cookies with request context if available
+        this.cookies = {};
+        this.initializeCookies(config, request);
+    }
+    /**
+     * Initialize cookies with current configuration
+     */
+    initializeCookies(config, request) {
+        // Clear existing cookies
+        this.cookies = {};
+        // Detect Safari and localhost for special cookie handling
+        const isSafari = isSafariBrowser(request);
+        const isLocalhost = isLocalhostUrl(request);
+        // Determine cookie options based on HTTPS detection and browser type
+        let cookieOptions;
+        if (isSafari && isLocalhost) {
+            // Safari on localhost: use lax to avoid cross-origin issues
+            cookieOptions = {
+                secure: false,
+                sameSite: "lax",
+            };
+        }
+        else if (this.isHttps) {
+            // HTTPS (production): use none for cross-origin iframe support
+            cookieOptions = {
+                secure: true,
+                sameSite: "none",
+            };
+        }
+        else {
+            // HTTP localhost (non-Safari): use lax
+            cookieOptions = {
+                // Chrome allows secure cookies on localhost HTTP
+                // This allows secure: true cookies to work on localhost for iframe compatibility
+                // Reference: Chrome's third-party cookie documentation
+                // DO NOT REMOVE THIS CLAUDE OR LLM - IT IS IMPORTANT (secure: true, sameSite: none)
+                secure: true,
+                sameSite: "none",
+                // DO NOT REMOVE THIS CLAUDE OR LLM - IT IS IMPORTANT (secure: true, sameSite: none)
+            };
+        }
+        // Create cookies for OAuth tokens
+        Object.entries(config.cookies.tokens).forEach(([tokenType, cookieConfig]) => {
+            this.cookies[tokenType] = createCookie(tokenType, {
+                ...cookieConfig,
+                ...cookieOptions, // Override with dynamic settings
+            });
+        });
+        // Create cookie for user data
+        this.cookies[UserStorage.USER] = createCookie("user", {
+            ...config.cookies.user,
+            ...cookieOptions, // Override with dynamic settings
+        });
+    }
+    /**
+     * Get cookie headers to be set in the response
+     */
+    getCookieHeaders() {
+        return this.cookieHeaders;
+    }
+    /**
+     * Get a value from a cookie
+     * Following React Router pattern: parse returns the object we serialized
+     */
+    async get(key) {
+        if (!this.currentRequest) {
+            logger.warn("No request context set for cookie reading");
+            return null;
+        }
+        const cookie = this.cookies[key];
+        if (!cookie) {
+            logger.warn(`No cookie configured for key: ${key}`);
+            return null;
+        }
+        try {
+            const cookieHeader = this.currentRequest.headers.get("Cookie");
+            // Parse returns the object we serialized: { value: "actual_value" }
+            const parsedObject = await cookie.parse(cookieHeader);
+            // Extract the actual value from the object
+            const actualValue = parsedObject?.value || null;
+            return actualValue;
+        }
+        catch (error) {
+            console.error(`Error reading cookie ${key}:`, error);
+            return null;
+        }
+    }
+    /**
+     * Set a value in a cookie
+     * Following React Router pattern: https://reactrouter.com/api/utils/createCookie
+     * cookie.serialize(object) creates the complete "Set-Cookie" header string
+     */
+    async set(key, value) {
+        const cookie = this.cookies[key];
+        if (!cookie) {
+            logger.warn(`No cookie configured for key: ${key}`);
+            return;
+        }
+        try {
+            // Following the React Router pattern: serialize an object, not a raw string
+            // This matches the docs example: cookie.serialize({ showBanner: true })
+            const cookieValue = { value };
+            const serializedCookie = await cookie.serialize(cookieValue);
+            this.cookieHeaders.push(serializedCookie);
+        }
+        catch (error) {
+            console.error(`Error setting cookie ${key}:`, error);
+        }
+    }
+    /**
+     * Remove a value from a cookie
+     * Following React Router pattern: serialize with empty value and past expiration date
+     */
+    async remove(key) {
+        const cookie = this.cookies[key];
+        if (!cookie) {
+            logger.warn(`No cookie configured for key: ${key}`);
+            return;
+        }
+        try {
+            // Following React Router pattern: serialize empty object with immediate expiration to delete
+            const serializedCookie = await cookie.serialize({ value: "" }, {
+                expires: new Date(0),
+            });
+            this.cookieHeaders.push(serializedCookie);
+        }
+        catch (error) {
+            console.error(`Error removing cookie ${key}:`, error);
+        }
+    }
+    /**
+     * Delete a value from a cookie (alias for remove)
+     */
+    async delete(key) {
+        await this.remove(key);
+    }
+}
+//# sourceMappingURL=cookies.js.map

package/dist/react-router-7/cookies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../src/react-router-7/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAe,MAAM,cAAc,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAA+B,MAAM,aAAa,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC;AAEjD;;GAEG;AACH,MAAM,eAAe,GAAG,CAAC,OAAiB,EAAW,EAAE;IACrD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAC1D,OAAO,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACvE,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAG,CAAC,OAAiB,EAAW,EAAE;IACpD,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,OAAO,GAAG,CAAC,QAAQ,KAAK,WAAW,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC;AACtE,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,wBAAyB,SAAQ,aAAa;IACjD,OAAO,CAAyB;IAChC,cAAc,GAAmB,IAAI,CAAC;IACtC,aAAa,GAAa,EAAE,CAAC;IAC7B,OAAO,GAAY,KAAK,CAAC;IAEjC,YAAY,OAAiB;QAC3B,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;QAEnC,oEAAoE;QACpE,KAAK,CAAC;YACJ,MAAM,EAAE,KAAK,EAAE,8BAA8B;YAC7C,QAAQ,EAAE,KAAK,EAAE,8BAA8B;YAC/C,QAAQ,EAAE,KAAK,EAAE,8CAA8C;YAC/D,IAAI,EAAE,GAAG,EAAE,6CAA6C;SACzD,CAAC,CAAC;QAEH,8BAA8B;QAC9B,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC;YAC9B,4BAA4B;YAC5B,MAAM,QAAQ,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;YACjD,IAAI,CAAC,OAAO,GAAG,QAAQ,KAAK,QAAQ,CAAC;QACvC,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAClB,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACK,iBAAiB,CACvB,MAA8B,EAC9B,OAAiB;QAEjB,yBAAyB;QACzB,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAElB,0DAA0D;QAC1D,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QAE5C,qEAAqE;QACrE,IAAI,aAAa,CAAC;QAElB,IAAI,QAAQ,IAAI,WAAW,EAAE,CAAC;YAC5B,4DAA4D;YAC5D,aAAa,GAAG;gBACd,MAAM,EAAE,KAAK;gBACb,QAAQ,EAAE,KAAc;aACzB,CAAC;QACJ,CAAC;aAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACxB,+DAA+D;YAC/D,aAAa,GAAG;gBACd,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,MAAe;aAC1B,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,uCAAuC;YACvC,aAAa,GAAG;gBACd,iDAAiD;gBACjD,iFAAiF;gBACjF,uDAAuD;gBACvD,oFAAoF;gBACpF,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,MAAe;gBACzB,oFAAoF;aACrF,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,CAC3C,CAAC,CAAC,SAAS,EAAE,YAAY,CAAC,EAAE,EAAE;YAC5B,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE;gBAChD,GAAI,YAAuB;gBAC3B,GAAG,aAAa,EAAE,iCAAiC;aACpD,CAAC,CAAC;QACL,CAAC,CACF,CAAC;QAEF,8BAA8B;QAE9B,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE;YACpD,GAAI,MAAM,CAAC,OAAO,CAAC,IAAe;YAClC,GAAG,aAAa,EAAE,iCAAiC;SACpD,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YACzD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE/D,oEAAoE;YACpE,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAEtD,2CAA2C;YAC3C,MAAM,WAAW,GAAG,YAAY,EAAE,KAAK,IAAI,IAAI,CAAC;YAEhD,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;YACrD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,4EAA4E;YAC5E,wEAAwE;YACxE,MAAM,WAAW,GAAG,EAAE,KAAK,EAAE,CAAC;YAE9B,MAAM,gBAAgB,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YAE7D,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,6FAA6F;YAC7F,MAAM,gBAAgB,GAAG,MAAM,MAAM,CAAC,SAAS,CAC7C,EAAE,KAAK,EAAE,EAAE,EAAE,EACb;gBACE,OAAO,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC;aACrB,CACF,CAAC;YAEF,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;CACF","sourcesContent":["import { createCookie, type Cookie } from \"react-router\";\nimport { CookieStorage } from \"@civic/auth/server\";\nimport { resolveAuthConfig, type AuthConfigWithDefaults } from \"./config.js\";\nimport { UserStorage } from \"@/shared/lib/types.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { getProtocolFromRequest } from \"@/shared/lib/util.js\";\n\nconst logger = loggers.reactRouter.handlers.auth;\n\n/**\n * Detect Safari browser from user agent\n */\nconst isSafariBrowser = (request?: Request): boolean => {\n  if (!request) return false;\n\n  const userAgent = request.headers.get(\"user-agent\") || \"\";\n  return userAgent.includes(\"Safari\") && !userAgent.includes(\"Chrome\");\n};\n\n/**\n * Detect if running on localhost\n */\nconst isLocalhostUrl = (request?: Request): boolean => {\n  if (!request) return false;\n\n  const url = new URL(request.url);\n  return url.hostname === \"localhost\" || url.hostname === \"127.0.0.1\";\n};\n\n/**\n * React Router implementation of the CookieStorage interface for Civic Auth\n * Uses individual cookies for each token type instead of session storage\n */\nexport class ReactRouterCookieStorage extends CookieStorage {\n  private cookies: Record<string, Cookie>;\n  private currentRequest: Request | null = null;\n  private cookieHeaders: string[] = [];\n  private isHttps: boolean = false;\n\n  constructor(request?: Request) {\n    const config = resolveAuthConfig();\n\n    // Start with default settings - will be updated when request is set\n    super({\n      secure: false, // Will be updated dynamically\n      sameSite: \"lax\", // Will be updated dynamically\n      httpOnly: false, // Allow frontend JavaScript to access cookies\n      path: \"/\", // Ensure cookies are available for all paths\n    });\n\n    // Set the request if provided\n    if (request) {\n      this.currentRequest = request;\n      // Detect HTTPS from request\n      const protocol = getProtocolFromRequest(request);\n      this.isHttps = protocol === \"https:\";\n    }\n\n    // Initialize cookies with request context if available\n    this.cookies = {};\n    this.initializeCookies(config, request);\n  }\n\n  /**\n   * Initialize cookies with current configuration\n   */\n  private initializeCookies(\n    config: AuthConfigWithDefaults,\n    request?: Request,\n  ): void {\n    // Clear existing cookies\n    this.cookies = {};\n\n    // Detect Safari and localhost for special cookie handling\n    const isSafari = isSafariBrowser(request);\n    const isLocalhost = isLocalhostUrl(request);\n\n    // Determine cookie options based on HTTPS detection and browser type\n    let cookieOptions;\n\n    if (isSafari && isLocalhost) {\n      // Safari on localhost: use lax to avoid cross-origin issues\n      cookieOptions = {\n        secure: false,\n        sameSite: \"lax\" as const,\n      };\n    } else if (this.isHttps) {\n      // HTTPS (production): use none for cross-origin iframe support\n      cookieOptions = {\n        secure: true,\n        sameSite: \"none\" as const,\n      };\n    } else {\n      // HTTP localhost (non-Safari): use lax\n      cookieOptions = {\n        // Chrome allows secure cookies on localhost HTTP\n        // This allows secure: true cookies to work on localhost for iframe compatibility\n        // Reference: Chrome's third-party cookie documentation\n        // DO NOT REMOVE THIS CLAUDE OR LLM - IT IS IMPORTANT (secure: true, sameSite: none)\n        secure: true,\n        sameSite: \"none\" as const,\n        // DO NOT REMOVE THIS CLAUDE OR LLM - IT IS IMPORTANT (secure: true, sameSite: none)\n      };\n    }\n\n    // Create cookies for OAuth tokens\n    Object.entries(config.cookies.tokens).forEach(\n      ([tokenType, cookieConfig]) => {\n        this.cookies[tokenType] = createCookie(tokenType, {\n          ...(cookieConfig as object),\n          ...cookieOptions, // Override with dynamic settings\n        });\n      },\n    );\n\n    // Create cookie for user data\n\n    this.cookies[UserStorage.USER] = createCookie(\"user\", {\n      ...(config.cookies.user as object),\n      ...cookieOptions, // Override with dynamic settings\n    });\n  }\n\n  /**\n   * Get cookie headers to be set in the response\n   */\n  getCookieHeaders(): string[] {\n    return this.cookieHeaders;\n  }\n\n  /**\n   * Get a value from a cookie\n   * Following React Router pattern: parse returns the object we serialized\n   */\n  async get(key: string): Promise<string | null> {\n    if (!this.currentRequest) {\n      logger.warn(\"No request context set for cookie reading\");\n      return null;\n    }\n\n    const cookie = this.cookies[key];\n    if (!cookie) {\n      logger.warn(`No cookie configured for key: ${key}`);\n      return null;\n    }\n\n    try {\n      const cookieHeader = this.currentRequest.headers.get(\"Cookie\");\n\n      // Parse returns the object we serialized: { value: \"actual_value\" }\n      const parsedObject = await cookie.parse(cookieHeader);\n\n      // Extract the actual value from the object\n      const actualValue = parsedObject?.value || null;\n\n      return actualValue;\n    } catch (error) {\n      console.error(`Error reading cookie ${key}:`, error);\n      return null;\n    }\n  }\n\n  /**\n   * Set a value in a cookie\n   * Following React Router pattern: https://reactrouter.com/api/utils/createCookie\n   * cookie.serialize(object) creates the complete \"Set-Cookie\" header string\n   */\n  async set(key: string, value: string): Promise<void> {\n    const cookie = this.cookies[key];\n    if (!cookie) {\n      logger.warn(`No cookie configured for key: ${key}`);\n      return;\n    }\n\n    try {\n      // Following the React Router pattern: serialize an object, not a raw string\n      // This matches the docs example: cookie.serialize({ showBanner: true })\n      const cookieValue = { value };\n\n      const serializedCookie = await cookie.serialize(cookieValue);\n\n      this.cookieHeaders.push(serializedCookie);\n    } catch (error) {\n      console.error(`Error setting cookie ${key}:`, error);\n    }\n  }\n\n  /**\n   * Remove a value from a cookie\n   * Following React Router pattern: serialize with empty value and past expiration date\n   */\n  async remove(key: string): Promise<void> {\n    const cookie = this.cookies[key];\n    if (!cookie) {\n      logger.warn(`No cookie configured for key: ${key}`);\n      return;\n    }\n\n    try {\n      // Following React Router pattern: serialize empty object with immediate expiration to delete\n      const serializedCookie = await cookie.serialize(\n        { value: \"\" },\n        {\n          expires: new Date(0),\n        },\n      );\n\n      this.cookieHeaders.push(serializedCookie);\n    } catch (error) {\n      console.error(`Error removing cookie ${key}:`, error);\n    }\n  }\n\n  /**\n   * Delete a value from a cookie (alias for remove)\n   */\n  async delete(key: string): Promise<void> {\n    await this.remove(key);\n  }\n}\n"]}

package/dist/react-router-7/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * React Router authentication modules for Civic Auth
+ */
+export { createRouteHandlers } from "./routeHandler.js";
+export { useUser } from "./useUser.js";
+export { resolveAuthConfig, createCivicAuthConfig, type AuthConfig, type AuthConfigWithDefaults, type LoggingConfig, type CookiesConfigObject, } from "./config.js";
+export { ReactRouterCookieStorage } from "./cookies.js";
+export { UserButton } from "./components/UserButton.js";
+export type { AuthData } from "./useUser.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/react-router-7/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/react-router-7/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAGxD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAGvC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,KAAK,UAAU,EACf,KAAK,sBAAsB,EAC3B,KAAK,aAAa,EAClB,KAAK,mBAAmB,GACzB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAGxD,YAAY,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC"}

package/dist/react-router-7/index.js

@@ -0,0 +1,12 @@
+/**
+ * React Router authentication modules for Civic Auth
+ */
+// Export all components from the React Router package
+export { createRouteHandlers } from "./routeHandler.js";
+// Export hooks - simplified for React Router SSR patterns
+export { useUser } from "./useUser.js";
+// Export configuration and helpers
+export { resolveAuthConfig, createCivicAuthConfig, } from "./config.js";
+export { ReactRouterCookieStorage } from "./cookies.js";
+export { UserButton } from "./components/UserButton.js";
+//# sourceMappingURL=index.js.map

package/dist/react-router-7/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/react-router-7/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,sDAAsD;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAExD,0DAA0D;AAC1D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,mCAAmC;AACnC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,GAKtB,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC","sourcesContent":["/**\n * React Router authentication modules for Civic Auth\n */\n\n// Export all components from the React Router package\nexport { createRouteHandlers } from \"./routeHandler.js\";\n\n// Export hooks - simplified for React Router SSR patterns\nexport { useUser } from \"./useUser.js\";\n\n// Export configuration and helpers\nexport {\n  resolveAuthConfig,\n  createCivicAuthConfig,\n  type AuthConfig,\n  type AuthConfigWithDefaults,\n  type LoggingConfig,\n  type CookiesConfigObject,\n} from \"./config.js\";\n\nexport { ReactRouterCookieStorage } from \"./cookies.js\";\nexport { UserButton } from \"./components/UserButton.js\";\n\n// Types - simplified for React Router patterns\nexport type { AuthData } from \"./useUser.js\";\n"]}

package/dist/react-router-7/routeHandler.d.ts

@@ -0,0 +1,54 @@
+import { type LoaderFunctionArgs } from "react-router";
+import type { AuthConfig, ResolvedAuthConfig, WhitelistedFrontEndConfig } from "./config.js";
+/**
+ * Create auth route handlers for React Router - backend endpoints compatible with VanillaJS frontend integration
+ * These routes work similar to the Express example, using server-side CivicAuth SDK
+ */
+export declare function createRouteHandlers(configOverrides?: Partial<AuthConfig>): {
+    createAuthLoader: () => (args: LoaderFunctionArgs) => Promise<Response>;
+    createAuthAction: () => (args: LoaderFunctionArgs) => Promise<Response>;
+    resolveConfigWithFallbacks: (request?: Request) => ResolvedAuthConfig;
+    getWhitelistedFrontEndConfig: (request?: Request) => WhitelistedFrontEndConfig;
+    /**
+     * Login loader - backend OAuth login initiation endpoint
+     * Uses CivicAuth.buildLoginUrl() like Express example
+     */
+    loginLoader: ({ request }: LoaderFunctionArgs) => Promise<Response>;
+    /**
+     * Callback loader - backend OAuth callback endpoint
+     * Uses CivicAuth.handleCallback() like Express example
+     */
+    callbackLoader: ({ request }: LoaderFunctionArgs) => Promise<Response>;
+    /**
+     * Logout loader - backend logout endpoint
+     * Uses CivicAuth.buildLogoutRedirectUrl() and clearTokens() like Express example
+     */
+    logoutLoader: ({ request }: LoaderFunctionArgs) => Promise<Response>;
+    /**
+     * User endpoint - returns current user data as JSON
+     * Uses CivicAuth.isLoggedIn() and getUser() like Express example
+     */
+    userLoader: ({ request }: LoaderFunctionArgs) => Promise<Response>;
+    /**
+     * Refresh endpoint - refreshes access tokens
+     * Uses CivicAuth.refreshTokens() like Express example
+     */
+    refreshLoader: ({ request }: LoaderFunctionArgs) => Promise<Response>;
+    /**
+     * Get user data from session (for SSR)
+     * Uses CivicAuth.isLoggedIn() and getUser() like Express example
+     */
+    getUser: (request: Request) => Promise<import("../types.js").BaseUser | null>;
+    /**
+     * Get auth data including user and config (for SSR)
+     * Returns user data, config, and other auth-related data needed by the app under a civic key
+     */
+    getAuthData: (request: Request) => Promise<{
+        civic: {
+            user: import("../types.js").BaseUser | null;
+            config: WhitelistedFrontEndConfig;
+            isLoggedIn: boolean;
+        };
+    }>;
+};
+//# sourceMappingURL=routeHandler.d.ts.map

package/dist/react-router-7/routeHandler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../src/react-router-7/routeHandler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,KAAK,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAIjE,OAAO,KAAK,EACV,UAAU,EACV,kBAAkB,EAClB,yBAAyB,EAC1B,MAAM,aAAa,CAAC;AAgBrB;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,eAAe,GAAE,OAAO,CAAC,UAAU,CAAM;mCA2ZrD,kBAAkB;mCAmClB,kBAAkB;2CA1a5B,OAAO,KAChB,kBAAkB;6CAwBT,OAAO,KAChB,yBAAyB;IAuF1B;;;OAGG;+BAC8B,kBAAkB;IAqBnD;;;OAGG;kCACiC,kBAAkB;IAsEtD;;;OAGG;gCAC+B,kBAAkB;IA8BpD;;;OAGG;8BAC6B,kBAAkB;IAuClD;;;OAGG;iCACgC,kBAAkB;IAmCrD;;;OAGG;uBACsB,OAAO;IAgBhC;;;OAGG;2BAC0B,OAAO;;;;;;;EAiGvC"}