@civic/auth 0.9.6-beta.1 → 0.9.6-beta.2

package/CHANGELOG.md

@@ -1,3 +1,8 @@
+# 0.10.0
+
+- NextJS Refactor with Vanillajs
+- increase SDK wrapper width to 360px
+
 # 0.9.5
 
 - Fixed an issue with token refresh in the NextJS middleware

package/dist/nextjs/actions.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Server action to revalidate the current path and force NextAuthProvider to re-run
+ * This is called after successful client-side authentication to replenish server user data
+ */
+export declare function revalidateUserData(path?: string): Promise<{
+    success: boolean;
+    error?: undefined;
+} | {
+    success: boolean;
+    error: string;
+}>;
+//# sourceMappingURL=actions.d.ts.map

package/dist/nextjs/actions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../../src/nextjs/actions.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,wBAAsB,kBAAkB,CAAC,IAAI,CAAC,EAAE,MAAM;;;;;;GAiBrD"}

package/dist/nextjs/actions.js

@@ -0,0 +1,26 @@
+"use server";
+import { revalidatePath } from "next/cache.js";
+/**
+ * Server action to revalidate the current path and force NextAuthProvider to re-run
+ * This is called after successful client-side authentication to replenish server user data
+ */
+export async function revalidateUserData(path) {
+    try {
+        // Revalidate the current path to force server components to re-run
+        if (path) {
+            revalidatePath(path);
+        }
+        else {
+            // Revalidate the layout to ensure NextAuthProvider re-runs
+            revalidatePath("/", "layout");
+        }
+        return { success: true };
+    }
+    catch (error) {
+        return {
+            success: false,
+            error: error?.message || "unknown error",
+        };
+    }
+}
+//# sourceMappingURL=actions.js.map

package/dist/nextjs/actions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"actions.js","sourceRoot":"","sources":["../../src/nextjs/actions.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,IAAa;IACpD,IAAI,CAAC;QACH,mEAAmE;QACnE,IAAI,IAAI,EAAE,CAAC;YACT,cAAc,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,2DAA2D;YAC3D,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAG,KAAe,EAAE,OAAO,IAAI,eAAe;SACpD,CAAC;IACJ,CAAC;AACH,CAAC","sourcesContent":["\"use server\";\n\nimport { revalidatePath } from \"next/cache.js\";\n\n/**\n * Server action to revalidate the current path and force NextAuthProvider to re-run\n * This is called after successful client-side authentication to replenish server user data\n */\nexport async function revalidateUserData(path?: string) {\n  try {\n    // Revalidate the current path to force server components to re-run\n    if (path) {\n      revalidatePath(path);\n    } else {\n      // Revalidate the layout to ensure NextAuthProvider re-runs\n      revalidatePath(\"/\", \"layout\");\n    }\n\n    return { success: true };\n  } catch (error) {\n    return {\n      success: false,\n      error: (error as Error)?.message || \"unknown error\",\n    };\n  }\n}\n"]}

package/dist/nextjs/config.d.ts

@@ -22,6 +22,7 @@ export type AuthConfigWithDefaults = {
     basePath?: string;
     baseUrl?: string;
     autoRedirect: boolean;
+    targetContainerElement?: HTMLElement | string;
 };
 /**
  * All possible config values for Civic Auth
@@ -45,6 +46,7 @@ export type OptionalAuthConfig = Partial<AuthConfigWithDefaults | {
     baseUrl?: string;
     oauthServer?: string;
     autoRedirect?: boolean;
+    targetContainerElement?: HTMLElement | string;
 };
 /**
  * Configuration values for Civic Auth.

package/dist/nextjs/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/nextjs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACxB,MAAM,uBAAuB,CAAC;AAI/B,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,8BAA8B,CAAC;AAGtC,YAAY,EAAE,mBAAmB,EAAE,CAAC;AAIpC;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;CACvB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,OAAO,CACpC,sBAAsB,GACtB;IACE,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,YAAY,CAAC;KACrB,CAAC;CACH,CACJ,GAAG;IAGF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG,kBAAkB,GAAG;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,sBAAsB,EAAE,UAAU,CAetE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,iBAAiB,YACpB,OAAO,CAAC,UAAU,CAAC,KAC1B,sBA8CF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,eAAO,MAAM,qBAAqB,eAAgB,UAAU,mBACrC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBA2DugW,CAAC;6BAAsG,CAAC;;;sBAAke,CAAC;yBAA4H,CAAC;;;qBAA+H,CAAC;;;;;;;;;;;;;;;;;;iBAA8pE,CAAC;;;;;;;6BAAg6C,CAAC;sBAAoC,CAAC;;aAAoC,CAAC;;6BAA0D,CAAC;oBAA8B,CAAC;0BAAkE,CAAC;;qBAA2C,CAAC;mBAAiC,CAAC;;wBAA+C,CAAC;eAAmD,CAAC;iBAA4C,CAAC;2BAAyC,CAAC;;;;;;;;;yBAA4zC,CAAC;6BAAwC,CAAC;;;eAAkD,CAAC;mBAAuB,CAAC;;;;CADh1iB,CAAC"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/nextjs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACxB,MAAM,uBAAuB,CAAC;AAI/B,OAAO,EAEL,KAAK,mBAAmB,EACzB,MAAM,8BAA8B,CAAC;AAGtC,YAAY,EAAE,mBAAmB,EAAE,CAAC;AAIpC;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;CAC/C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,OAAO,CACpC,sBAAsB,GACtB;IACE,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,YAAY,CAAC;KACrB,CAAC;CACH,CACJ,GAAG;IAGF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;CAC/C,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG,kBAAkB,GAAG;IAC5C,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,sBAAsB,EAAE,UAAU,CAetE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,iBAAiB,YACpB,OAAO,CAAC,UAAU,CAAC,KAC1B,sBA+CF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,eAAO,MAAM,qBAAqB,eAAgB,UAAU,mBACrC,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBA2Ds4V,CAAC;6BAAsG,CAAC;;;sBAAke,CAAC;yBAA4H,CAAC;;;qBAA+H,CAAC;;;;;;;;;;;;;;;;;;iBAA8pE,CAAC;;;;;;;6BAAg6C,CAAC;sBAAoC,CAAC;;aAAoC,CAAC;;6BAA0D,CAAC;oBAA8B,CAAC;0BAAkE,CAAC;;qBAA2C,CAAC;mBAAiC,CAAC;;wBAA+C,CAAC;eAAmD,CAAC;iBAA4C,CAAC;2BAAyC,CAAC;;;;;;;;;yBAA4zC,CAAC;6BAAwC,CAAC;;;eAAkD,CAAC;mBAAuB,CAAC;;;;CAD/siB,CAAC"}

package/dist/nextjs/config.js

@@ -16,7 +16,7 @@ export const defaultAuthConfig = {
     challengeUrl: "/api/auth/challenge",
     refreshUrl: "/api/auth/refresh",
     logoutUrl: "/api/auth/logout",
-    logoutCallbackUrl: "/api/auth/logoutcallback",
+    logoutCallbackUrl: "/",
     loginUrl: "/",
     include: ["/**"],
     exclude: ["/api/auth/**"],
@@ -65,6 +65,7 @@ export const resolveAuthConfig = (config = {}) => {
         basePath: process.env._civic_auth_base_path || "",
         baseUrl: process.env._civic_auth_base_url,
         autoRedirect: process.env._civic_auth_auto_redirect === "false" ? false : undefined,
+        targetContainerElement: process.env._civic_auth_target_container_element,
     });
     // Ensure "/api/auth/**" is always excluded
     const finalExclude = new Set([
@@ -137,7 +138,7 @@ export const createCivicAuthPlugin = (authConfig) => {
             if (!authConfig.logoutUrl)
                 defaultUrlsWithBasePath.logoutUrl = `${basePath}/api/auth/logout`;
             if (!authConfig.logoutCallbackUrl)
-                defaultUrlsWithBasePath.logoutCallbackUrl = `${basePath}/api/auth/logoutcallback`;
+                defaultUrlsWithBasePath.logoutCallbackUrl = `${basePath}`;
             if (!authConfig.loginUrl && authConfig.loginUrl !== "")
                 defaultUrlsWithBasePath.loginUrl = basePath;
         }

package/dist/nextjs/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAGN,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,wBAAwB,GAEzB,MAAM,8BAA8B,CAAC;AAKtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AA8D5C;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,oBAAoB;IACjC,eAAe,EAAE,SAAS,EAAE,mDAAmD;IAC/E,YAAY,EAAE,qBAAqB;IACnC,UAAU,EAAE,mBAAmB;IAC/B,SAAS,EAAE,kBAAkB;IAC7B,iBAAiB,EAAE,0BAA0B;IAC7C,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,CAAC,KAAK,CAAC;IAChB,OAAO,EAAE,CAAC,cAAc,CAAC;IACzB,QAAQ,EAAE,EAAE;IACZ,OAAO,EAAE,SAAS,EAAE,8DAA8D;IAClF,YAAY,EAAE,IAAI,EAAE,8BAA8B;IAClD,OAAO,EAAE,wBAAwB,EAAE;CACpC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAA8B,EAAE,EACR,EAAE;IAC1B,0EAA0E;IAC1E,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;QAC1D,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B;QAC9D,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB;QAC/C,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACnD,CAAC,CAAC,SAAS;QACb,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE;QACjD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACzC,YAAY,EACV,OAAO,CAAC,GAAG,CAAC,yBAAyB,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACxE,CAAe,CAAC;IAEjB,2CAA2C;IAC3C,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;QAC3B,GAAG,iBAAiB,CAAC,OAAO;QAC5B,GAAG,CAAC,aAAa,CAAC,OAAO,IAAI,EAAE,CAAC;QAChC,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;KAC1B,CAAC,CAAC;IAEH,6CAA6C;IAC7C,MAAM,YAAY,GAAG,KAAK,CAAC,WAAW,CACpC,EAAE,WAAW,EAAE,KAAK,EAAE,EACtB,iBAAiB,EACjB,aAAa,EACb,MAAM,CACP,CAAC;IAEF,kDAAkD;IAClD,YAAY,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEhD,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,UAAsB,EAAE,EAAE;IAC9D,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QAEF,uCAAuC;QACvC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC;QAE9D,oDAAoD;QACpD,MAAM,uBAAuB,GAAwB,EAAE,CAAC;QAExD,8DAA8D;QAC9D,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,UAAU,CAAC,WAAW;gBACzB,uBAAuB,CAAC,WAAW,GAAG,GAAG,QAAQ,oBAAoB,CAAC;YACxE,IAAI,CAAC,UAAU,CAAC,YAAY;gBAC1B,uBAAuB,CAAC,YAAY,GAAG,GAAG,QAAQ,qBAAqB,CAAC;YAC1E,IAAI,CAAC,UAAU,CAAC,UAAU;gBACxB,uBAAuB,CAAC,UAAU,GAAG,GAAG,QAAQ,mBAAmB,CAAC;YACtE,IAAI,CAAC,UAAU,CAAC,SAAS;gBACvB,uBAAuB,CAAC,SAAS,GAAG,GAAG,QAAQ,kBAAkB,CAAC;YACpE,IAAI,CAAC,UAAU,CAAC,iBAAiB;gBAC/B,uBAAuB,CAAC,iBAAiB,GAAG,GAAG,QAAQ,0BAA0B,CAAC;YACpF,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,KAAK,EAAE;gBACpD,uBAAuB,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAChD,CAAC;QAED,+DAA+D;QAC/D,MAAM,cAAc,GAAG,iBAAiB,CAAC;YACvC,GAAG,uBAAuB;YAC1B,GAAG,UAAU;YACb,QAAQ;SACT,CAAC,CAAC;QAEH,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,6BAA6B,EAAE,cAAc,CAAC,eAAe;gBAC7D,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,+BAA+B,EAAE,cAAc,CAAC,iBAAiB;gBACjE,uBAAuB,EAAE,cAAc,CAAC,UAAU;gBAClD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;gBACjE,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,oBAAoB,EAAE,cAAc,CAAC,OAAO;gBAC5C,yBAAyB,EAAE,cAAc,CAAC,YAAY,CAAC,QAAQ,EAAE;aAClE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars */\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n  type CookieConfig,\n  type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { merge } from \"ts-deepmerge\";\nimport { sanitizeBasePath } from \"./utils.js\";\nimport {\n  createNextJSCookieConfig,\n  type CookiesConfigObject,\n} from \"@/shared/lib/cookieConfig.js\";\n\n// Re-export the shared type for public API\nexport type { CookiesConfigObject };\n\nconst logger = loggers.nextjs.handlers.auth;\n\n/**\n * Configuration values for Civic Auth.\n * Only clientId is required, all others are optional.\n */\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string; // where Civic's internal OAuth callback is hosted\n  loginSuccessUrl?: string; // where the user should be sent after the entire login completes, including the token exchange\n  loginUrl: string;\n  logoutUrl: string;\n  logoutCallbackUrl: string;\n  challengeUrl: string;\n  refreshUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: CookiesConfigObject;\n  basePath?: string;\n  baseUrl?: string; // Public domain for apps behind reverse proxies (e.g., \"https://myapp.com\")\n  autoRedirect: boolean;\n};\n\n/**\n * All possible config values for Civic Auth\n */\nexport type OptionalAuthConfig = Partial<\n  | AuthConfigWithDefaults\n  | {\n      cookies?: {\n        tokens?: Partial<TokensCookieConfig>;\n        user?: CookieConfig;\n      };\n    }\n> & {\n  // Ensure TypeScript understands these properties are available\n  // This doesn't change the public API, just helps TypeScript internally\n  callbackUrl?: string; // where Civic's internal OAuth callback is hosted\n  loginSuccessUrl?: string; // where the user should be sent after the entire login completes, including the token exchange\n  loginUrl?: string;\n  logoutUrl?: string;\n  logoutCallbackUrl?: string;\n  challengeUrl?: string;\n  refreshUrl?: string;\n  include?: string[];\n  exclude?: string[];\n  basePath?: string;\n  baseUrl?: string;\n  oauthServer?: string;\n  autoRedirect?: boolean;\n};\n\n/**\n * Configuration values for Civic Auth.\n * Only clientId is required, all others are optional.\n */\nexport type AuthConfig = OptionalAuthConfig & {\n  clientId: string;\n  exclude?: string[];\n};\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: DEFAULT_AUTH_SERVER,\n  callbackUrl: \"/api/auth/callback\",\n  loginSuccessUrl: undefined, // By default, the user is sent to the redirect_url\n  challengeUrl: \"/api/auth/challenge\",\n  refreshUrl: \"/api/auth/refresh\",\n  logoutUrl: \"/api/auth/logout\",\n  logoutCallbackUrl: \"/api/auth/logoutcallback\",\n  loginUrl: \"/\",\n  include: [\"/**\"],\n  exclude: [\"/api/auth/**\"],\n  basePath: \"\",\n  baseUrl: undefined, // No default - will use request.nextUrl.origin when undefined\n  autoRedirect: true, // Default to current behavior\n  cookies: createNextJSCookieConfig(),\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Config will be merged deeply, with arrays not merged, so that the\n * default include list (for example) [\"/*\"] will not be added\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: Partial<AuthConfig> = {},\n): AuthConfigWithDefaults => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    loginSuccessUrl: process.env._civic_auth_login_success_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    logoutCallbackUrl: process.env._civic_auth_logout_callback_url,\n    refreshUrl: process.env._civic_auth_refresh_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n    basePath: process.env._civic_auth_base_path || \"\",\n    baseUrl: process.env._civic_auth_base_url,\n    autoRedirect:\n      process.env._civic_auth_auto_redirect === \"false\" ? false : undefined,\n  }) as AuthConfig;\n\n  // Ensure \"/api/auth/**\" is always excluded\n  const finalExclude = new Set([\n    ...defaultAuthConfig.exclude,\n    ...(configFromEnv.exclude || []),\n    ...(config.exclude ?? []),\n  ]);\n\n  // Perform a deep merge of the configurations\n  const mergedConfig = merge.withOptions(\n    { mergeArrays: false },\n    defaultAuthConfig,\n    configFromEnv,\n    config,\n  );\n\n  // Override the exclude list with the ensured list\n  mergedConfig.exclude = Array.from(finalExclude);\n\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here.\n *\n * The only required field is clientId.\n *\n * Notes:\n * - If you provide explicit URLs, they will be used exactly as provided.\n * - Default URLs will automatically include the basePath from your Next.js config.\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *  clientId: 'my-client-id',\n * });\n * ```\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   logoutCallbackUrl: '/custom/logoutcallback',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (authConfig: AuthConfig) => {\n  return (nextConfig?: NextConfig) => {\n    logger.debug(\n      \"createCivicAuthPlugin nextConfig\",\n      JSON.stringify(nextConfig, null, 2),\n    );\n\n    // Extract basePath from Next.js config\n    const basePath = sanitizeBasePath(nextConfig?.basePath || \"\");\n\n    // Create a copy of default URLs with basePath added\n    const defaultUrlsWithBasePath: Partial<AuthConfig> = {};\n\n    // Only apply to URLs that aren't explicitly set in authConfig\n    if (basePath) {\n      if (!authConfig.callbackUrl)\n        defaultUrlsWithBasePath.callbackUrl = `${basePath}/api/auth/callback`;\n      if (!authConfig.challengeUrl)\n        defaultUrlsWithBasePath.challengeUrl = `${basePath}/api/auth/challenge`;\n      if (!authConfig.refreshUrl)\n        defaultUrlsWithBasePath.refreshUrl = `${basePath}/api/auth/refresh`;\n      if (!authConfig.logoutUrl)\n        defaultUrlsWithBasePath.logoutUrl = `${basePath}/api/auth/logout`;\n      if (!authConfig.logoutCallbackUrl)\n        defaultUrlsWithBasePath.logoutCallbackUrl = `${basePath}/api/auth/logoutcallback`;\n      if (!authConfig.loginUrl && authConfig.loginUrl !== \"\")\n        defaultUrlsWithBasePath.loginUrl = basePath;\n    }\n\n    // Create final config with basePath and possibly modified URLs\n    const resolvedConfig = resolveAuthConfig({\n      ...defaultUrlsWithBasePath,\n      ...authConfig,\n      basePath,\n    });\n\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: resolvedConfig.clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_login_success_url: resolvedConfig.loginSuccessUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,\n        _civic_auth_refresh_url: resolvedConfig.refreshUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n        _civic_auth_base_path: resolvedConfig.basePath,\n        _civic_auth_base_url: resolvedConfig.baseUrl,\n        _civic_auth_auto_redirect: resolvedConfig.autoRedirect.toString(),\n      },\n    };\n  };\n};\n"]}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAGN,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AACrC,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,wBAAwB,GAEzB,MAAM,8BAA8B,CAAC;AAKtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAgE5C;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,oBAAoB;IACjC,eAAe,EAAE,SAAS,EAAE,mDAAmD;IAC/E,YAAY,EAAE,qBAAqB;IACnC,UAAU,EAAE,mBAAmB;IAC/B,SAAS,EAAE,kBAAkB;IAC7B,iBAAiB,EAAE,GAAG;IACtB,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,CAAC,KAAK,CAAC;IAChB,OAAO,EAAE,CAAC,cAAc,CAAC;IACzB,QAAQ,EAAE,EAAE;IACZ,OAAO,EAAE,SAAS,EAAE,8DAA8D;IAClF,YAAY,EAAE,IAAI,EAAE,8BAA8B;IAClD,OAAO,EAAE,wBAAwB,EAAE;CACpC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAA8B,EAAE,EACR,EAAE;IAC1B,0EAA0E;IAC1E,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,6BAA6B;QAC1D,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B;QAC9D,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB;QAC/C,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACnD,CAAC,CAAC,SAAS;QACb,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE;QACjD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACzC,YAAY,EACV,OAAO,CAAC,GAAG,CAAC,yBAAyB,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACvE,sBAAsB,EAAE,OAAO,CAAC,GAAG,CAAC,oCAAoC;KACzE,CAAe,CAAC;IAEjB,2CAA2C;IAC3C,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;QAC3B,GAAG,iBAAiB,CAAC,OAAO;QAC5B,GAAG,CAAC,aAAa,CAAC,OAAO,IAAI,EAAE,CAAC;QAChC,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;KAC1B,CAAC,CAAC;IAEH,6CAA6C;IAC7C,MAAM,YAAY,GAAG,KAAK,CAAC,WAAW,CACpC,EAAE,WAAW,EAAE,KAAK,EAAE,EACtB,iBAAiB,EACjB,aAAa,EACb,MAAM,CACP,CAAC;IAEF,kDAAkD;IAClD,YAAY,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAEhD,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,UAAsB,EAAE,EAAE;IAC9D,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QAEF,uCAAuC;QACvC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC;QAE9D,oDAAoD;QACpD,MAAM,uBAAuB,GAAwB,EAAE,CAAC;QAExD,8DAA8D;QAC9D,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,UAAU,CAAC,WAAW;gBACzB,uBAAuB,CAAC,WAAW,GAAG,GAAG,QAAQ,oBAAoB,CAAC;YACxE,IAAI,CAAC,UAAU,CAAC,YAAY;gBAC1B,uBAAuB,CAAC,YAAY,GAAG,GAAG,QAAQ,qBAAqB,CAAC;YAC1E,IAAI,CAAC,UAAU,CAAC,UAAU;gBACxB,uBAAuB,CAAC,UAAU,GAAG,GAAG,QAAQ,mBAAmB,CAAC;YACtE,IAAI,CAAC,UAAU,CAAC,SAAS;gBACvB,uBAAuB,CAAC,SAAS,GAAG,GAAG,QAAQ,kBAAkB,CAAC;YACpE,IAAI,CAAC,UAAU,CAAC,iBAAiB;gBAC/B,uBAAuB,CAAC,iBAAiB,GAAG,GAAG,QAAQ,EAAE,CAAC;YAC5D,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,KAAK,EAAE;gBACpD,uBAAuB,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAChD,CAAC;QAED,+DAA+D;QAC/D,MAAM,cAAc,GAAG,iBAAiB,CAAC;YACvC,GAAG,uBAAuB;YAC1B,GAAG,UAAU;YACb,QAAQ;SACT,CAAC,CAAC;QAEH,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,6BAA6B,EAAE,cAAc,CAAC,eAAe;gBAC7D,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,+BAA+B,EAAE,cAAc,CAAC,iBAAiB;gBACjE,uBAAuB,EAAE,cAAc,CAAC,UAAU;gBAClD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;gBACjE,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,oBAAoB,EAAE,cAAc,CAAC,OAAO;gBAC5C,yBAAyB,EAAE,cAAc,CAAC,YAAY,CAAC,QAAQ,EAAE;aAClE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars */\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n  type CookieConfig,\n  type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport { merge } from \"ts-deepmerge\";\nimport { sanitizeBasePath } from \"./utils.js\";\nimport {\n  createNextJSCookieConfig,\n  type CookiesConfigObject,\n} from \"@/shared/lib/cookieConfig.js\";\n\n// Re-export the shared type for public API\nexport type { CookiesConfigObject };\n\nconst logger = loggers.nextjs.handlers.auth;\n\n/**\n * Configuration values for Civic Auth.\n * Only clientId is required, all others are optional.\n */\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string; // where Civic's internal OAuth callback is hosted\n  loginSuccessUrl?: string; // where the user should be sent after the entire login completes, including the token exchange\n  loginUrl: string;\n  logoutUrl: string;\n  logoutCallbackUrl: string;\n  challengeUrl: string;\n  refreshUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: CookiesConfigObject;\n  basePath?: string;\n  baseUrl?: string; // Public domain for apps behind reverse proxies (e.g., \"https://myapp.com\")\n  autoRedirect: boolean;\n  targetContainerElement?: HTMLElement | string;\n};\n\n/**\n * All possible config values for Civic Auth\n */\nexport type OptionalAuthConfig = Partial<\n  | AuthConfigWithDefaults\n  | {\n      cookies?: {\n        tokens?: Partial<TokensCookieConfig>;\n        user?: CookieConfig;\n      };\n    }\n> & {\n  // Ensure TypeScript understands these properties are available\n  // This doesn't change the public API, just helps TypeScript internally\n  callbackUrl?: string; // where Civic's internal OAuth callback is hosted\n  loginSuccessUrl?: string; // where the user should be sent after the entire login completes, including the token exchange\n  loginUrl?: string;\n  logoutUrl?: string;\n  logoutCallbackUrl?: string;\n  challengeUrl?: string;\n  refreshUrl?: string;\n  include?: string[];\n  exclude?: string[];\n  basePath?: string;\n  baseUrl?: string;\n  oauthServer?: string;\n  autoRedirect?: boolean;\n  targetContainerElement?: HTMLElement | string;\n};\n\n/**\n * Configuration values for Civic Auth.\n * Only clientId is required, all others are optional.\n */\nexport type AuthConfig = OptionalAuthConfig & {\n  clientId: string;\n  exclude?: string[];\n};\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: DEFAULT_AUTH_SERVER,\n  callbackUrl: \"/api/auth/callback\",\n  loginSuccessUrl: undefined, // By default, the user is sent to the redirect_url\n  challengeUrl: \"/api/auth/challenge\",\n  refreshUrl: \"/api/auth/refresh\",\n  logoutUrl: \"/api/auth/logout\",\n  logoutCallbackUrl: \"/\",\n  loginUrl: \"/\",\n  include: [\"/**\"],\n  exclude: [\"/api/auth/**\"],\n  basePath: \"\",\n  baseUrl: undefined, // No default - will use request.nextUrl.origin when undefined\n  autoRedirect: true, // Default to current behavior\n  cookies: createNextJSCookieConfig(),\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Config will be merged deeply, with arrays not merged, so that the\n * default include list (for example) [\"/*\"] will not be added\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: Partial<AuthConfig> = {},\n): AuthConfigWithDefaults => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    loginSuccessUrl: process.env._civic_auth_login_success_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    logoutCallbackUrl: process.env._civic_auth_logout_callback_url,\n    refreshUrl: process.env._civic_auth_refresh_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n    basePath: process.env._civic_auth_base_path || \"\",\n    baseUrl: process.env._civic_auth_base_url,\n    autoRedirect:\n      process.env._civic_auth_auto_redirect === \"false\" ? false : undefined,\n    targetContainerElement: process.env._civic_auth_target_container_element,\n  }) as AuthConfig;\n\n  // Ensure \"/api/auth/**\" is always excluded\n  const finalExclude = new Set([\n    ...defaultAuthConfig.exclude,\n    ...(configFromEnv.exclude || []),\n    ...(config.exclude ?? []),\n  ]);\n\n  // Perform a deep merge of the configurations\n  const mergedConfig = merge.withOptions(\n    { mergeArrays: false },\n    defaultAuthConfig,\n    configFromEnv,\n    config,\n  );\n\n  // Override the exclude list with the ensured list\n  mergedConfig.exclude = Array.from(finalExclude);\n\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here.\n *\n * The only required field is clientId.\n *\n * Notes:\n * - If you provide explicit URLs, they will be used exactly as provided.\n * - Default URLs will automatically include the basePath from your Next.js config.\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *  clientId: 'my-client-id',\n * });\n * ```\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   logoutCallbackUrl: '/custom/logoutcallback',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (authConfig: AuthConfig) => {\n  return (nextConfig?: NextConfig) => {\n    logger.debug(\n      \"createCivicAuthPlugin nextConfig\",\n      JSON.stringify(nextConfig, null, 2),\n    );\n\n    // Extract basePath from Next.js config\n    const basePath = sanitizeBasePath(nextConfig?.basePath || \"\");\n\n    // Create a copy of default URLs with basePath added\n    const defaultUrlsWithBasePath: Partial<AuthConfig> = {};\n\n    // Only apply to URLs that aren't explicitly set in authConfig\n    if (basePath) {\n      if (!authConfig.callbackUrl)\n        defaultUrlsWithBasePath.callbackUrl = `${basePath}/api/auth/callback`;\n      if (!authConfig.challengeUrl)\n        defaultUrlsWithBasePath.challengeUrl = `${basePath}/api/auth/challenge`;\n      if (!authConfig.refreshUrl)\n        defaultUrlsWithBasePath.refreshUrl = `${basePath}/api/auth/refresh`;\n      if (!authConfig.logoutUrl)\n        defaultUrlsWithBasePath.logoutUrl = `${basePath}/api/auth/logout`;\n      if (!authConfig.logoutCallbackUrl)\n        defaultUrlsWithBasePath.logoutCallbackUrl = `${basePath}`;\n      if (!authConfig.loginUrl && authConfig.loginUrl !== \"\")\n        defaultUrlsWithBasePath.loginUrl = basePath;\n    }\n\n    // Create final config with basePath and possibly modified URLs\n    const resolvedConfig = resolveAuthConfig({\n      ...defaultUrlsWithBasePath,\n      ...authConfig,\n      basePath,\n    });\n\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: resolvedConfig.clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_login_success_url: resolvedConfig.loginSuccessUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,\n        _civic_auth_refresh_url: resolvedConfig.refreshUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n        _civic_auth_base_path: resolvedConfig.basePath,\n        _civic_auth_base_url: resolvedConfig.baseUrl,\n        _civic_auth_auto_redirect: resolvedConfig.autoRedirect.toString(),\n      },\n    };\n  };\n};\n"]}

package/dist/nextjs/cookies.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAExD;;GAEG;AACH,QAAA,MAAM,gBAAgB,qBAGrB,CAAC;AAEF,cAAM,mBAAoB,SAAQ,aAAa;IAC1B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;gBAAhD,MAAM,GAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAM;IAOlE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKxC,GAAG,CACP,GAAG,EAAE,SAAS,EACd,KAAK,EAAE,MAAM,EACb,oBAAoB,GAAE,OAAO,CAAC,YAAY,CAAM,GAC/C,OAAO,CAAC,IAAI,CAAC;IASV,MAAM,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;CAI5C;AAED,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,CAAC"}
+{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAuCxD;;GAEG;AACH,QAAA,MAAM,gBAAgB,qBAGrB,CAAC;AAEF,cAAM,mBAAoB,SAAQ,aAAa;IAC1B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;gBAAhD,MAAM,GAAE,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,CAAM;IAOlE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKxC,GAAG,CACP,GAAG,EAAE,SAAS,EACd,KAAK,EAAE,MAAM,EACb,oBAAoB,GAAE,OAAO,CAAC,YAAY,CAAM,GAC/C,OAAO,CAAC,IAAI,CAAC;IAsBV,MAAM,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;CAI5C;AAED,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,CAAC"}

package/dist/nextjs/cookies.js

@@ -1,7 +1,39 @@
-import { cookies } from "next/headers.js";
+import { cookies, headers } from "next/headers.js";
 import {} from "../shared/lib/types.js";
 import { CookieStorage } from "../shared/lib/storage.js";
 import * as session from "../shared/lib/session.js";
+import { getCookieConfiguration } from "../shared/lib/util.js";
+/**
+ * Create a mock Request object from Next.js headers for cookie configuration
+ */
+const createRequestFromHeaders = async () => {
+    try {
+        const headerStore = await headers();
+        const host = headerStore.get("host");
+        const userAgent = headerStore.get("user-agent");
+        const protocol = headerStore.get("x-forwarded-proto") ||
+            headerStore.get("x-forwarded-protocol") ||
+            (process.env.NODE_ENV === "production" ? "https" : "http");
+        if (!host)
+            return undefined;
+        const url = `${protocol}://${host}/`;
+        // Create a minimal Request object with the headers we need
+        const request = new Request(url, {
+            headers: {
+                "user-agent": userAgent || "",
+                "x-forwarded-proto": headerStore.get("x-forwarded-proto") || "",
+                "x-forwarded-protocol": headerStore.get("x-forwarded-protocol") || "",
+                forwarded: headerStore.get("forwarded") || "",
+            },
+        });
+        return request;
+    }
+    catch (error) {
+        console.error("Error creating request from headers", error);
+        // Headers might not be available in all contexts
+        return undefined;
+    }
+};
 /**
  * Clears all authentication cookies on server. Note, this can only be called by the server
  */
@@ -27,8 +59,18 @@ class NextjsCookieStorage extends CookieStorage {
         const cookieSettings = this.config?.[key] || {
             ...this.settings,
         };
-        const useCookieSettings = { ...cookieSettings, ...cookieConfigOverride };
-        cookieStore.set(key, value, useCookieSettings);
+        // Get dynamic cookie configuration based on environment and browser
+        const request = await createRequestFromHeaders();
+        const dynamicConfig = getCookieConfiguration(request);
+        const useCookieSettings = {
+            ...cookieSettings,
+            ...cookieConfigOverride,
+            // Apply dynamic configuration for secure and sameSite
+            secure: dynamicConfig.secure,
+            sameSite: dynamicConfig.sameSite,
+        };
+        // Respect the httpOnly setting from configuration instead of hardcoding it
+        await cookieStore.set(key, value, useCookieSettings);
     }
     async delete(key) {
         const cookieStore = await cookies();

package/dist/nextjs/cookies.js.map

@@ -1 +1 @@
-{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAG1C,OAAO,EAAqB,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,KAAK,OAAO,MAAM,yBAAyB,CAAC;AACnD;;GAEG;AACH,MAAM,gBAAgB,GAAG,KAAK,IAAI,EAAE;IAClC,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC,CAAC,8CAA8C;IAC/F,MAAM,OAAO,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;AAChD,CAAC,CAAC;AAEF,MAAM,mBAAoB,SAAQ,aAAa;IAC1B;IAAnB,YAAmB,SAAmD,EAAE;QACtE,KAAK,CAAC;YACJ,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAJc,WAAM,GAAN,MAAM,CAA+C;IAKxE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAc,EACd,KAAa,EACb,uBAA8C,EAAE;QAEhD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI;YACxD,GAAG,IAAI,CAAC,QAAQ;SACjB,CAAC;QACF,MAAM,iBAAiB,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,oBAAoB,EAAE,CAAC;QACzE,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,iBAAiB,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAc;QACzB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;CACF;AAED,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,CAAC","sourcesContent":["import { cookies } from \"next/headers.js\";\n\nimport type { KeySetter } from \"@/shared/lib/types.js\";\nimport { type CookieConfig } from \"@/shared/lib/types.js\";\nimport { CookieStorage } from \"@/shared/lib/storage.js\";\nimport * as session from \"@/shared/lib/session.js\";\n/**\n * Clears all authentication cookies on server. Note, this can only be called by the server\n */\nconst clearAuthCookies = async () => {\n  const cookieStorage = new NextjsCookieStorage(); // no cookie storage needed to simply clear it\n  await session.clearAuthCookies(cookieStorage);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n  constructor(public config: Partial<Record<KeySetter, CookieConfig>> = {}) {\n    super({\n      secure: true,\n      httpOnly: true,\n    });\n  }\n\n  async get(key: string): Promise<string | null> {\n    const cookieStore = await cookies();\n    return cookieStore.get(key)?.value || null;\n  }\n\n  async set(\n    key: KeySetter,\n    value: string,\n    cookieConfigOverride: Partial<CookieConfig> = {},\n  ): Promise<void> {\n    const cookieStore = await cookies();\n    const cookieSettings = this.config?.[key as KeySetter] || {\n      ...this.settings,\n    };\n    const useCookieSettings = { ...cookieSettings, ...cookieConfigOverride };\n    cookieStore.set(key, value, useCookieSettings);\n  }\n\n  async delete(key: KeySetter): Promise<void> {\n    const cookieStore = await cookies();\n    cookieStore.delete(key);\n  }\n}\n\nexport { clearAuthCookies, NextjsCookieStorage };\n"]}
+{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAGnD,OAAO,EAAqB,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,KAAK,OAAO,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D;;GAEG;AACH,MAAM,wBAAwB,GAAG,KAAK,IAAkC,EAAE;IACxE,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,QAAQ,GACZ,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC;YACpC,WAAW,CAAC,GAAG,CAAC,sBAAsB,CAAC;YACvC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAE7D,IAAI,CAAC,IAAI;YAAE,OAAO,SAAS,CAAC;QAE5B,MAAM,GAAG,GAAG,GAAG,QAAQ,MAAM,IAAI,GAAG,CAAC;QAErC,2DAA2D;QAC3D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;YAC/B,OAAO,EAAE;gBACP,YAAY,EAAE,SAAS,IAAI,EAAE;gBAC7B,mBAAmB,EAAE,WAAW,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE;gBAC/D,sBAAsB,EAAE,WAAW,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,EAAE;gBACrE,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE;aAC9C;SACF,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;QAC5D,iDAAiD;QACjD,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG,KAAK,IAAI,EAAE;IAClC,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC,CAAC,8CAA8C;IAC/F,MAAM,OAAO,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;AAChD,CAAC,CAAC;AAEF,MAAM,mBAAoB,SAAQ,aAAa;IAC1B;IAAnB,YAAmB,SAAmD,EAAE;QACtE,KAAK,CAAC;YACJ,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAJc,WAAM,GAAN,MAAM,CAA+C;IAKxE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,GAAG,CACP,GAAc,EACd,KAAa,EACb,uBAA8C,EAAE;QAEhD,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI;YACxD,GAAG,IAAI,CAAC,QAAQ;SACjB,CAAC;QAEF,oEAAoE;QACpE,MAAM,OAAO,GAAG,MAAM,wBAAwB,EAAE,CAAC;QACjD,MAAM,aAAa,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAEtD,MAAM,iBAAiB,GAAG;YACxB,GAAG,cAAc;YACjB,GAAG,oBAAoB;YACvB,sDAAsD;YACtD,MAAM,EAAE,aAAa,CAAC,MAAM;YAC5B,QAAQ,EAAE,aAAa,CAAC,QAAQ;SACjC,CAAC;QAEF,2EAA2E;QAC3E,MAAM,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,iBAAiB,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAc;QACzB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;CACF;AAED,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,CAAC","sourcesContent":["import { cookies, headers } from \"next/headers.js\";\n\nimport type { KeySetter } from \"@/shared/lib/types.js\";\nimport { type CookieConfig } from \"@/shared/lib/types.js\";\nimport { CookieStorage } from \"@/shared/lib/storage.js\";\nimport * as session from \"@/shared/lib/session.js\";\nimport { getCookieConfiguration } from \"@/shared/lib/util.js\";\n\n/**\n * Create a mock Request object from Next.js headers for cookie configuration\n */\nconst createRequestFromHeaders = async (): Promise<Request | undefined> => {\n  try {\n    const headerStore = await headers();\n    const host = headerStore.get(\"host\");\n    const userAgent = headerStore.get(\"user-agent\");\n    const protocol =\n      headerStore.get(\"x-forwarded-proto\") ||\n      headerStore.get(\"x-forwarded-protocol\") ||\n      (process.env.NODE_ENV === \"production\" ? \"https\" : \"http\");\n\n    if (!host) return undefined;\n\n    const url = `${protocol}://${host}/`;\n\n    // Create a minimal Request object with the headers we need\n    const request = new Request(url, {\n      headers: {\n        \"user-agent\": userAgent || \"\",\n        \"x-forwarded-proto\": headerStore.get(\"x-forwarded-proto\") || \"\",\n        \"x-forwarded-protocol\": headerStore.get(\"x-forwarded-protocol\") || \"\",\n        forwarded: headerStore.get(\"forwarded\") || \"\",\n      },\n    });\n\n    return request;\n  } catch (error) {\n    console.error(\"Error creating request from headers\", error);\n    // Headers might not be available in all contexts\n    return undefined;\n  }\n};\n\n/**\n * Clears all authentication cookies on server. Note, this can only be called by the server\n */\nconst clearAuthCookies = async () => {\n  const cookieStorage = new NextjsCookieStorage(); // no cookie storage needed to simply clear it\n  await session.clearAuthCookies(cookieStorage);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n  constructor(public config: Partial<Record<KeySetter, CookieConfig>> = {}) {\n    super({\n      secure: true,\n      httpOnly: true,\n    });\n  }\n\n  async get(key: string): Promise<string | null> {\n    const cookieStore = await cookies();\n    return cookieStore.get(key)?.value || null;\n  }\n\n  async set(\n    key: KeySetter,\n    value: string,\n    cookieConfigOverride: Partial<CookieConfig> = {},\n  ): Promise<void> {\n    const cookieStore = await cookies();\n    const cookieSettings = this.config?.[key as KeySetter] || {\n      ...this.settings,\n    };\n\n    // Get dynamic cookie configuration based on environment and browser\n    const request = await createRequestFromHeaders();\n    const dynamicConfig = getCookieConfiguration(request);\n\n    const useCookieSettings = {\n      ...cookieSettings,\n      ...cookieConfigOverride,\n      // Apply dynamic configuration for secure and sameSite\n      secure: dynamicConfig.secure,\n      sameSite: dynamicConfig.sameSite,\n    };\n\n    // Respect the httpOnly setting from configuration instead of hardcoding it\n    await cookieStore.set(key, value, useCookieSettings);\n  }\n\n  async delete(key: KeySetter): Promise<void> {\n    const cookieStore = await cookies();\n    cookieStore.delete(key);\n  }\n}\n\nexport { clearAuthCookies, NextjsCookieStorage };\n"]}

package/dist/nextjs/hooks/useInitialAuthConfig.d.ts

@@ -0,0 +1,31 @@
+import type { GlobalAuthConfig } from "../../reactjs/core/GlobalAuthManager.js";
+import type { VanillaJSDisplayMode } from "../../vanillajs/auth/types/AuthTypes.js";
+import type { User, IframeMode } from "../../types.js";
+export interface UseInitialAuthConfigOptions {
+    displayMode?: VanillaJSDisplayMode;
+    iframeMode?: IframeMode;
+    serverUser?: User | null;
+    nonce?: string;
+    targetContainerElement?: HTMLElement | string;
+    oauthServer?: string;
+    loginSuccessUrl?: string;
+    onUrlChange?: (url: string, source?: string) => void;
+}
+export interface UseInitialAuthConfigOverrides {
+    displayMode?: VanillaJSDisplayMode;
+    iframeMode?: IframeMode;
+    clientId?: string;
+    redirectUrl?: string;
+    logoutRedirectUrl?: string;
+    targetContainerElement?: string;
+}
+/**
+ * Hook that creates the initial auth configuration
+ * Can be used standalone or merged with overrides
+ */
+export declare const useInitialAuthConfig: (options?: UseInitialAuthConfigOptions) => {
+    initialConfig: GlobalAuthConfig;
+    createConfigWithOverrides: (overrides?: UseInitialAuthConfigOverrides) => GlobalAuthConfig;
+    logoutUrl: string;
+};
+//# sourceMappingURL=useInitialAuthConfig.d.ts.map

package/dist/nextjs/hooks/useInitialAuthConfig.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useInitialAuthConfig.d.ts","sourceRoot":"","sources":["../../../src/nextjs/hooks/useInitialAuthConfig.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAGnD,MAAM,WAAW,2BAA2B;IAC1C,WAAW,CAAC,EAAE,oBAAoB,CAAC;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB,CAAC,EAAE,WAAW,GAAG,MAAM,CAAC;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;CACtD;AAED,MAAM,WAAW,6BAA6B;IAC5C,WAAW,CAAC,EAAE,oBAAoB,CAAC;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,aACtB,2BAA2B,KACnC;IACD,aAAa,EAAE,gBAAgB,CAAC;IAChC,yBAAyB,EAAE,CACzB,SAAS,CAAC,EAAE,6BAA6B,KACtC,gBAAgB,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CA8GnB,CAAC"}

package/dist/nextjs/hooks/useInitialAuthConfig.js

@@ -0,0 +1,109 @@
+/**
+ * Hook for creating the initial auth configuration
+ * Reusable across NextJS components that need to initialize GlobalAuthManager
+ */
+"use client";
+import { useMemo } from "react";
+import { useRouter, usePathname } from "next/navigation.js";
+import { resolveAuthConfig } from "../../nextjs/config.js";
+import { revalidateUserData } from "../../nextjs/actions.js";
+/**
+ * Hook that creates the initial auth configuration
+ * Can be used standalone or merged with overrides
+ */
+export const useInitialAuthConfig = (options = {}) => {
+    const router = useRouter();
+    const pathname = usePathname();
+    const resolvedConfig = resolveAuthConfig(options);
+    const { clientId, oauthServer, loginSuccessUrl, logoutUrl, refreshUrl, logoutCallbackUrl, targetContainerElement, } = resolvedConfig;
+    const baseConfig = useMemo(() => {
+        return {
+            clientId: clientId,
+            loginUrl: typeof window !== "undefined"
+                ? window.location.origin + `/api/auth/login`
+                : undefined,
+            config: {
+                oauthServer: oauthServer,
+                oauthServerBaseUrl: oauthServer,
+            },
+            logoutRedirectUrl: logoutUrl,
+            loginSuccessUrl: loginSuccessUrl,
+            targetContainerElement: targetContainerElement,
+            displayMode: options.displayMode,
+            iframeMode: options.iframeMode,
+            logoutCallbackUrl: logoutCallbackUrl,
+            framework: "nextjs",
+            logging: {
+                level: "debug",
+                enabled: false,
+            },
+            backendEndpoints: {
+                user: "/api/auth/user",
+                refresh: refreshUrl,
+                logout: logoutUrl,
+            },
+            onSignIn: async (error) => {
+                if (error) {
+                    console.error("onSignIn: Error signing in", error);
+                    return;
+                }
+                try {
+                    // Trigger server-side revalidation to force NextAuthProvider to re-run
+                    await revalidateUserData(pathname);
+                    // Navigate if needed
+                    if (loginSuccessUrl && loginSuccessUrl !== pathname) {
+                        router.push(loginSuccessUrl);
+                    }
+                }
+                catch (revalidateError) {
+                    console.error("onSignIn: Revalidation failed:", revalidateError);
+                    // Fallback to router.refresh() if server action fails
+                    router.refresh();
+                }
+            },
+            onUrlChange: options.onUrlChange,
+            initialUser: options.serverUser || null,
+            initialIdToken: null, // ID token is httpOnly and not accessible
+        };
+    }, [
+        clientId,
+        oauthServer,
+        loginSuccessUrl,
+        logoutCallbackUrl,
+        refreshUrl,
+        logoutUrl,
+        router,
+        pathname,
+        targetContainerElement,
+        options.displayMode,
+        options.iframeMode,
+        options.serverUser,
+        options.onUrlChange,
+    ]);
+    const createConfigWithOverrides = useMemo(() => {
+        return (overrides = {}) => {
+            return {
+                ...baseConfig,
+                // Override specific properties while keeping the base config
+                ...(overrides.displayMode && { displayMode: overrides.displayMode }),
+                ...(overrides.iframeMode !== undefined && {
+                    iframeMode: overrides.iframeMode,
+                }),
+                ...(overrides.clientId && { clientId: overrides.clientId }),
+                ...(overrides.redirectUrl && { redirectUrl: overrides.redirectUrl }),
+                ...(overrides.logoutRedirectUrl && {
+                    logoutRedirectUrl: overrides.logoutRedirectUrl,
+                }),
+                ...(overrides.targetContainerElement && {
+                    targetContainerElement: overrides.targetContainerElement,
+                }),
+            };
+        };
+    }, [baseConfig]);
+    return {
+        initialConfig: baseConfig,
+        createConfigWithOverrides,
+        logoutUrl,
+    };
+};
+//# sourceMappingURL=useInitialAuthConfig.js.map

package/dist/nextjs/hooks/useInitialAuthConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useInitialAuthConfig.js","sourceRoot":"","sources":["../../../src/nextjs/hooks/useInitialAuthConfig.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,YAAY,CAAC;AAEb,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAC;AAChC,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAIvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAsBzD;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAClC,UAAuC,EAAE,EAOzC,EAAE;IACF,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,cAAc,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAElD,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,eAAe,EACf,SAAS,EACT,UAAU,EACV,iBAAiB,EACjB,sBAAsB,GACvB,GAAG,cAAc,CAAC;IAEnB,MAAM,UAAU,GAAqB,OAAO,CAAC,GAAG,EAAE;QAChD,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EACN,OAAO,MAAM,KAAK,WAAW;gBAC3B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,iBAAiB;gBAC5C,CAAC,CAAC,SAAS;YACf,MAAM,EAAE;gBACN,WAAW,EAAE,WAAW;gBACxB,kBAAkB,EAAE,WAAW;aAChC;YACD,iBAAiB,EAAE,SAAS;YAC5B,eAAe,EAAE,eAAe;YAChC,sBAAsB,EAAE,sBAAsB;YAC9C,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,iBAAiB,EAAE,iBAAiB;YACpC,SAAS,EAAE,QAAQ;YACnB,OAAO,EAAE;gBACP,KAAK,EAAE,OAAO;gBACd,OAAO,EAAE,KAAK;aACf;YACD,gBAAgB,EAAE;gBAChB,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,UAAU;gBACnB,MAAM,EAAE,SAAS;aAClB;YACD,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBACxB,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;oBACnD,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC;oBACH,uEAAuE;oBACvE,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACnC,qBAAqB;oBACrB,IAAI,eAAe,IAAI,eAAe,KAAK,QAAQ,EAAE,CAAC;wBACpD,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;oBAC/B,CAAC;gBACH,CAAC;gBAAC,OAAO,eAAe,EAAE,CAAC;oBACzB,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,eAAe,CAAC,CAAC;oBACjE,sDAAsD;oBACtD,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,CAAC;YACH,CAAC;YACD,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,WAAW,EAAE,OAAO,CAAC,UAAU,IAAI,IAAI;YACvC,cAAc,EAAE,IAAI,EAAE,0CAA0C;SACjE,CAAC;IACJ,CAAC,EAAE;QACD,QAAQ;QACR,WAAW;QACX,eAAe;QACf,iBAAiB;QACjB,UAAU;QACV,SAAS;QACT,MAAM;QACN,QAAQ;QACR,sBAAsB;QACtB,OAAO,CAAC,WAAW;QACnB,OAAO,CAAC,UAAU;QAClB,OAAO,CAAC,UAAU;QAClB,OAAO,CAAC,WAAW;KACpB,CAAC,CAAC;IAEH,MAAM,yBAAyB,GAAG,OAAO,CAAC,GAAG,EAAE;QAC7C,OAAO,CACL,YAA2C,EAAE,EAC3B,EAAE;YACpB,OAAO;gBACL,GAAG,UAAU;gBACb,6DAA6D;gBAC7D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;gBACpE,GAAG,CAAC,SAAS,CAAC,UAAU,KAAK,SAAS,IAAI;oBACxC,UAAU,EAAE,SAAS,CAAC,UAAU;iBACjC,CAAC;gBACF,GAAG,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC;gBAC3D,GAAG,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,WAAW,EAAE,CAAC;gBACpE,GAAG,CAAC,SAAS,CAAC,iBAAiB,IAAI;oBACjC,iBAAiB,EAAE,SAAS,CAAC,iBAAiB;iBAC/C,CAAC;gBACF,GAAG,CAAC,SAAS,CAAC,sBAAsB,IAAI;oBACtC,sBAAsB,EAAE,SAAS,CAAC,sBAAsB;iBACzD,CAAC;aACH,CAAC;QACJ,CAAC,CAAC;IACJ,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;IAEjB,OAAO;QACL,aAAa,EAAE,UAAU;QACzB,yBAAyB;QACzB,SAAS;KACV,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/**\n * Hook for creating the initial auth configuration\n * Reusable across NextJS components that need to initialize GlobalAuthManager\n */\n\"use client\";\n\nimport { useMemo } from \"react\";\nimport { useRouter, usePathname } from \"next/navigation.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport type { GlobalAuthConfig } from \"@/reactjs/core/GlobalAuthManager.js\";\nimport type { VanillaJSDisplayMode } from \"@/vanillajs/auth/types/AuthTypes.js\";\nimport type { User, IframeMode } from \"@/types.js\";\nimport { revalidateUserData } from \"@/nextjs/actions.js\";\n\nexport interface UseInitialAuthConfigOptions {\n  displayMode?: VanillaJSDisplayMode;\n  iframeMode?: IframeMode;\n  serverUser?: User | null;\n  nonce?: string;\n  targetContainerElement?: HTMLElement | string;\n  oauthServer?: string;\n  loginSuccessUrl?: string;\n  onUrlChange?: (url: string, source?: string) => void;\n}\n\nexport interface UseInitialAuthConfigOverrides {\n  displayMode?: VanillaJSDisplayMode;\n  iframeMode?: IframeMode;\n  clientId?: string;\n  redirectUrl?: string;\n  logoutRedirectUrl?: string;\n  targetContainerElement?: string;\n}\n\n/**\n * Hook that creates the initial auth configuration\n * Can be used standalone or merged with overrides\n */\nexport const useInitialAuthConfig = (\n  options: UseInitialAuthConfigOptions = {},\n): {\n  initialConfig: GlobalAuthConfig;\n  createConfigWithOverrides: (\n    overrides?: UseInitialAuthConfigOverrides,\n  ) => GlobalAuthConfig;\n  logoutUrl: string;\n} => {\n  const router = useRouter();\n  const pathname = usePathname();\n  const resolvedConfig = resolveAuthConfig(options);\n\n  const {\n    clientId,\n    oauthServer,\n    loginSuccessUrl,\n    logoutUrl,\n    refreshUrl,\n    logoutCallbackUrl,\n    targetContainerElement,\n  } = resolvedConfig;\n\n  const baseConfig: GlobalAuthConfig = useMemo(() => {\n    return {\n      clientId: clientId,\n      loginUrl:\n        typeof window !== \"undefined\"\n          ? window.location.origin + `/api/auth/login`\n          : undefined,\n      config: {\n        oauthServer: oauthServer,\n        oauthServerBaseUrl: oauthServer,\n      },\n      logoutRedirectUrl: logoutUrl,\n      loginSuccessUrl: loginSuccessUrl,\n      targetContainerElement: targetContainerElement,\n      displayMode: options.displayMode,\n      iframeMode: options.iframeMode,\n      logoutCallbackUrl: logoutCallbackUrl,\n      framework: \"nextjs\",\n      logging: {\n        level: \"debug\",\n        enabled: false,\n      },\n      backendEndpoints: {\n        user: \"/api/auth/user\",\n        refresh: refreshUrl,\n        logout: logoutUrl,\n      },\n      onSignIn: async (error) => {\n        if (error) {\n          console.error(\"onSignIn: Error signing in\", error);\n          return;\n        }\n\n        try {\n          // Trigger server-side revalidation to force NextAuthProvider to re-run\n          await revalidateUserData(pathname);\n          // Navigate if needed\n          if (loginSuccessUrl && loginSuccessUrl !== pathname) {\n            router.push(loginSuccessUrl);\n          }\n        } catch (revalidateError) {\n          console.error(\"onSignIn: Revalidation failed:\", revalidateError);\n          // Fallback to router.refresh() if server action fails\n          router.refresh();\n        }\n      },\n      onUrlChange: options.onUrlChange,\n      initialUser: options.serverUser || null,\n      initialIdToken: null, // ID token is httpOnly and not accessible\n    };\n  }, [\n    clientId,\n    oauthServer,\n    loginSuccessUrl,\n    logoutCallbackUrl,\n    refreshUrl,\n    logoutUrl,\n    router,\n    pathname,\n    targetContainerElement,\n    options.displayMode,\n    options.iframeMode,\n    options.serverUser,\n    options.onUrlChange,\n  ]);\n\n  const createConfigWithOverrides = useMemo(() => {\n    return (\n      overrides: UseInitialAuthConfigOverrides = {},\n    ): GlobalAuthConfig => {\n      return {\n        ...baseConfig,\n        // Override specific properties while keeping the base config\n        ...(overrides.displayMode && { displayMode: overrides.displayMode }),\n        ...(overrides.iframeMode !== undefined && {\n          iframeMode: overrides.iframeMode,\n        }),\n        ...(overrides.clientId && { clientId: overrides.clientId }),\n        ...(overrides.redirectUrl && { redirectUrl: overrides.redirectUrl }),\n        ...(overrides.logoutRedirectUrl && {\n          logoutRedirectUrl: overrides.logoutRedirectUrl,\n        }),\n        ...(overrides.targetContainerElement && {\n          targetContainerElement: overrides.targetContainerElement,\n        }),\n      };\n    };\n  }, [baseConfig]);\n\n  return {\n    initialConfig: baseConfig,\n    createConfigWithOverrides,\n    logoutUrl,\n  };\n};\n"]}

package/dist/nextjs/index.d.ts

@@ -9,4 +9,5 @@ export { handler } from "../nextjs/routeHandler.js";
 export { NextjsCookieStorage } from "../nextjs/cookies.js";
 export type { AuthConfig, CookiesConfigObject, AuthConfigWithDefaults, } from "../nextjs/config.js";
 export { CivicNextAuthProvider as CivicAuthProvider, type NextCivicAuthProviderProps as AuthProviderProps, } from "../nextjs/providers/NextAuthProvider.js";
+export { revalidateUserData } from "../nextjs/actions.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/nextjs/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAUvD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAW9E,eAAO,MAAM,UAAU,QAAa,OAAO,CAAC,OAAO,CAIlD,CAAC;AAEF,eAAO,MAAM,OAAO,GAClB,CAAC,SAAS,aAAa,qBACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAK1B,CAAC;AAEF,eAAO,MAAM,SAAS,QAAa,OAAO,CAAC,WAAW,GAAG,IAAI,CAK5D,CAAC;AAEF,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,YAAY,EACV,UAAU,EACV,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,IAAI,iBAAiB,EAC1C,KAAK,0BAA0B,IAAI,iBAAiB,GACrD,MAAM,wCAAwC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAWvD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAmB9E,eAAO,MAAM,UAAU,QAAa,OAAO,CAAC,OAAO,CAIlD,CAAC;AAEF,eAAO,MAAM,OAAO,GAClB,CAAC,SAAS,aAAa,qBACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAK1B,CAAC;AAEF,eAAO,MAAM,SAAS,QAAa,OAAO,CAAC,WAAW,GAAG,IAAI,CAK5D,CAAC;AAEF,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,YAAY,EACV,UAAU,EACV,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,IAAI,iBAAiB,EAC1C,KAAK,0BAA0B,IAAI,iBAAiB,GACrD,MAAM,wCAAwC,CAAC;AAGhD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/nextjs/index.js

@@ -4,11 +4,19 @@ import { ServerAuthenticationResolver } from "../server/ServerAuthenticationReso
 import { printVersion } from "../shared/index.js";
 printVersion();
 import { getTokens as getSessionTokens, getUser as getSessionUser, } from "../shared/lib/session.js";
+import { UserStorage } from "../shared/lib/types.js";
 export { resolveAuthConfig };
 export { createCivicAuthPlugin, defaultAuthConfig } from "../nextjs/config.js";
+const getConfiguredCookieStorage = () => {
+    const config = resolveAuthConfig();
+    return new NextjsCookieStorage({
+        ...config.cookies?.tokens,
+        [UserStorage.USER]: config.cookies?.user,
+    });
+};
 const getAuthResolver = async () => {
     const config = resolveAuthConfig();
-    const clientStorage = new NextjsCookieStorage();
+    const clientStorage = getConfiguredCookieStorage();
     return ServerAuthenticationResolver.build({ ...config, redirectUrl: config.callbackUrl }, clientStorage);
 };
 export const isLoggedIn = async () => {
@@ -20,17 +28,19 @@ export const getUser = async () => {
     const hasValidSession = await isLoggedIn();
     if (!hasValidSession)
         return null;
-    const clientStorage = new NextjsCookieStorage();
+    const clientStorage = getConfiguredCookieStorage();
     return getSessionUser(clientStorage);
 };
 export const getTokens = async () => {
     const hasValidSession = await isLoggedIn();
     if (!hasValidSession)
         return null;
-    const clientStorage = new NextjsCookieStorage();
+    const clientStorage = getConfiguredCookieStorage();
     return getSessionTokens(clientStorage);
 };
 export { handler } from "../nextjs/routeHandler.js";
 export { NextjsCookieStorage } from "../nextjs/cookies.js";
 export { CivicNextAuthProvider as CivicAuthProvider, } from "../nextjs/providers/NextAuthProvider.js";
+// NextJS server actions
+export { revalidateUserData } from "../nextjs/actions.js";
 //# sourceMappingURL=index.js.map

package/dist/nextjs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AAExF,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,YAAY,EAAE,CAAC;AACf,OAAO,EACL,SAAS,IAAI,gBAAgB,EAC7B,OAAO,IAAI,cAAc,GAC1B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAE9E,MAAM,eAAe,GAAG,KAAK,IAAqC,EAAE;IAClE,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IACnC,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAChD,OAAO,4BAA4B,CAAC,KAAK,CACvC,EAAE,GAAG,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,EAC9C,aAAa,CACd,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,IAAsB,EAAE;IACrD,MAAM,YAAY,GAAG,MAAM,eAAe,EAAE,CAAC;IAC7C,MAAM,eAAe,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;IAC1E,OAAO,eAAe,CAAC,aAAa,CAAC;AACvC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAG,KAAK,IAEC,EAAE;IAC7B,MAAM,eAAe,GAAG,MAAM,UAAU,EAAE,CAAC;IAC3C,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IAClC,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAChD,OAAO,cAAc,CAAI,aAAa,CAAC,CAAC;AAC1C,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,IAAiC,EAAE;IAC/D,MAAM,eAAe,GAAG,MAAM,UAAU,EAAE,CAAC;IAC3C,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IAClC,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAChD,OAAO,gBAAgB,CAAC,aAAa,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAM1D,OAAO,EACL,qBAAqB,IAAI,iBAAiB,GAE3C,MAAM,wCAAwC,CAAC","sourcesContent":["import { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { NextjsCookieStorage } from \"@/nextjs/cookies.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthenticationResolver } from \"@/services/types.js\";\nimport { printVersion } from \"@/shared/index.js\";\nprintVersion();\nimport {\n  getTokens as getSessionTokens,\n  getUser as getSessionUser,\n} from \"@/shared/lib/session.js\";\nimport type { EmptyObject, OAuthTokens, UnknownObject, User } from \"@/types.js\";\nexport { resolveAuthConfig };\n\nexport { createCivicAuthPlugin, defaultAuthConfig } from \"@/nextjs/config.js\";\n\nconst getAuthResolver = async (): Promise<AuthenticationResolver> => {\n  const config = resolveAuthConfig();\n  const clientStorage = new NextjsCookieStorage();\n  return ServerAuthenticationResolver.build(\n    { ...config, redirectUrl: config.callbackUrl },\n    clientStorage,\n  );\n};\n\nexport const isLoggedIn = async (): Promise<boolean> => {\n  const authResolver = await getAuthResolver();\n  const existingSession = await authResolver.validateExistingSession(false);\n  return existingSession.authenticated;\n};\n\nexport const getUser = async <\n  T extends UnknownObject = EmptyObject,\n>(): Promise<User<T> | null> => {\n  const hasValidSession = await isLoggedIn();\n  if (!hasValidSession) return null;\n  const clientStorage = new NextjsCookieStorage();\n  return getSessionUser<T>(clientStorage);\n};\n\nexport const getTokens = async (): Promise<OAuthTokens | null> => {\n  const hasValidSession = await isLoggedIn();\n  if (!hasValidSession) return null;\n  const clientStorage = new NextjsCookieStorage();\n  return getSessionTokens(clientStorage);\n};\n\nexport { handler } from \"@/nextjs/routeHandler.js\";\nexport { NextjsCookieStorage } from \"@/nextjs/cookies.js\";\nexport type {\n  AuthConfig,\n  CookiesConfigObject,\n  AuthConfigWithDefaults,\n} from \"@/nextjs/config.js\";\nexport {\n  CivicNextAuthProvider as CivicAuthProvider,\n  type NextCivicAuthProviderProps as AuthProviderProps,\n} from \"@/nextjs/providers/NextAuthProvider.js\";\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,4BAA4B,EAAE,MAAM,0CAA0C,CAAC;AAExF,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,YAAY,EAAE,CAAC;AACf,OAAO,EACL,SAAS,IAAI,gBAAgB,EAC7B,OAAO,IAAI,cAAc,GAC1B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,OAAO,EAAE,iBAAiB,EAAE,CAAC;AAE7B,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAE9E,MAAM,0BAA0B,GAAG,GAAwB,EAAE;IAC3D,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IACnC,OAAO,IAAI,mBAAmB,CAAC;QAC7B,GAAG,MAAM,CAAC,OAAO,EAAE,MAAM;QACzB,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI;KACzC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,eAAe,GAAG,KAAK,IAAqC,EAAE;IAClE,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IACnC,MAAM,aAAa,GAAG,0BAA0B,EAAE,CAAC;IACnD,OAAO,4BAA4B,CAAC,KAAK,CACvC,EAAE,GAAG,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,EAC9C,aAAa,CACd,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,IAAsB,EAAE;IACrD,MAAM,YAAY,GAAG,MAAM,eAAe,EAAE,CAAC;IAC7C,MAAM,eAAe,GAAG,MAAM,YAAY,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;IAC1E,OAAO,eAAe,CAAC,aAAa,CAAC;AACvC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAG,KAAK,IAEC,EAAE;IAC7B,MAAM,eAAe,GAAG,MAAM,UAAU,EAAE,CAAC;IAC3C,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IAClC,MAAM,aAAa,GAAG,0BAA0B,EAAE,CAAC;IACnD,OAAO,cAAc,CAAI,aAAa,CAAC,CAAC;AAC1C,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,SAAS,GAAG,KAAK,IAAiC,EAAE;IAC/D,MAAM,eAAe,GAAG,MAAM,UAAU,EAAE,CAAC;IAC3C,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IAClC,MAAM,aAAa,GAAG,0BAA0B,EAAE,CAAC;IACnD,OAAO,gBAAgB,CAAC,aAAa,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAM1D,OAAO,EACL,qBAAqB,IAAI,iBAAiB,GAE3C,MAAM,wCAAwC,CAAC;AAEhD,wBAAwB;AACxB,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC","sourcesContent":["import { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { NextjsCookieStorage } from \"@/nextjs/cookies.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport type { AuthenticationResolver } from \"@/services/types.js\";\nimport { printVersion } from \"@/shared/index.js\";\nprintVersion();\nimport {\n  getTokens as getSessionTokens,\n  getUser as getSessionUser,\n} from \"@/shared/lib/session.js\";\nimport { UserStorage } from \"@/shared/lib/types.js\";\nimport type { EmptyObject, OAuthTokens, UnknownObject, User } from \"@/types.js\";\nexport { resolveAuthConfig };\n\nexport { createCivicAuthPlugin, defaultAuthConfig } from \"@/nextjs/config.js\";\n\nconst getConfiguredCookieStorage = (): NextjsCookieStorage => {\n  const config = resolveAuthConfig();\n  return new NextjsCookieStorage({\n    ...config.cookies?.tokens,\n    [UserStorage.USER]: config.cookies?.user,\n  });\n};\n\nconst getAuthResolver = async (): Promise<AuthenticationResolver> => {\n  const config = resolveAuthConfig();\n  const clientStorage = getConfiguredCookieStorage();\n  return ServerAuthenticationResolver.build(\n    { ...config, redirectUrl: config.callbackUrl },\n    clientStorage,\n  );\n};\n\nexport const isLoggedIn = async (): Promise<boolean> => {\n  const authResolver = await getAuthResolver();\n  const existingSession = await authResolver.validateExistingSession(false);\n  return existingSession.authenticated;\n};\n\nexport const getUser = async <\n  T extends UnknownObject = EmptyObject,\n>(): Promise<User<T> | null> => {\n  const hasValidSession = await isLoggedIn();\n  if (!hasValidSession) return null;\n  const clientStorage = getConfiguredCookieStorage();\n  return getSessionUser<T>(clientStorage);\n};\n\nexport const getTokens = async (): Promise<OAuthTokens | null> => {\n  const hasValidSession = await isLoggedIn();\n  if (!hasValidSession) return null;\n  const clientStorage = getConfiguredCookieStorage();\n  return getSessionTokens(clientStorage);\n};\n\nexport { handler } from \"@/nextjs/routeHandler.js\";\nexport { NextjsCookieStorage } from \"@/nextjs/cookies.js\";\nexport type {\n  AuthConfig,\n  CookiesConfigObject,\n  AuthConfigWithDefaults,\n} from \"@/nextjs/config.js\";\nexport {\n  CivicNextAuthProvider as CivicAuthProvider,\n  type NextCivicAuthProviderProps as AuthProviderProps,\n} from \"@/nextjs/providers/NextAuthProvider.js\";\n\n// NextJS server actions\nexport { revalidateUserData } from \"@/nextjs/actions.js\";\n"]}

package/dist/nextjs/providers/NextAuthProvider.d.ts

@@ -1,9 +1,8 @@
-import { type AuthConfigWithDefaults } from "../../nextjs/config.js";
 import type { AuthProviderProps } from "../../shared/providers/types.js";
-type NextCivicAuthProviderInternalProps = Omit<AuthProviderProps, "clientId"> & {
-    resolvedConfig: AuthConfigWithDefaults;
-};
-type NextCivicAuthProviderProps = Omit<NextCivicAuthProviderInternalProps, "clientId" | "resolvedConfig" | "redirectUrl">;
-declare const CivicNextAuthProvider: ({ children, ...props }: NextCivicAuthProviderProps) => import("@emotion/react/jsx-runtime").JSX.Element;
-export { CivicNextAuthProvider, type NextCivicAuthProviderProps };
+type NextCivicAuthProviderProps = Omit<AuthProviderProps, "clientId">;
+export declare function CivicNextAuthProvider({ children, ...props }: NextCivicAuthProviderProps & {
+    redirectOnLogin?: string;
+    redirectOnLogout?: string;
+}): Promise<import("react/jsx-runtime").JSX.Element>;
+export type { NextCivicAuthProviderProps };
 //# sourceMappingURL=NextAuthProvider.d.ts.map

package/dist/nextjs/providers/NextAuthProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAYA,OAAO,EAEL,KAAK,sBAAsB,EAC5B,MAAM,oBAAoB,CAAC;AAe5B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAkBrE,KAAK,kCAAkC,GAAG,IAAI,CAC5C,iBAAiB,EACjB,UAAU,CACX,GAAG;IACF,cAAc,EAAE,sBAAsB,CAAC;CACxC,CAAC;AACF,KAAK,0BAA0B,GAAG,IAAI,CACpC,kCAAkC,EAClC,UAAU,GAAG,gBAAgB,GAAG,aAAa,CAC9C,CAAC;AA8JF,QAAA,MAAM,qBAAqB,2BAGxB,0BAA0B,qDAgD5B,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAE,KAAK,0BAA0B,EAAE,CAAC"}
+{"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAGrE,KAAK,0BAA0B,GAAG,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AAGtE,wBAAsB,qBAAqB,CAAC,EAC1C,QAAQ,EACR,GAAG,KAAK,EACT,EAAE,0BAA0B,GAAG;IAC9B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,oDAgBA;AAGD,YAAY,EAAE,0BAA0B,EAAE,CAAC"}