@descope/nextjs-sdk 0.0.23 → 0.2.0

package/README.md

@@ -140,18 +140,17 @@ import { authMiddleware } from '@descope/nextjs-sdk/server'
 export default authMiddleware({
 	// The Descope project ID to use for authentication
 	// Defaults to process.env.DESCOPE_PROJECT_ID
-	projectId: 'your-descope-project-id'
+	projectId: 'your-descope-project-id',
 
 	// The URL to redirect to if the user is not authenticated
 	// Defaults to process.env.SIGN_IN_ROUTE or '/sign-in' if not provided
 	// NOTE: In case it contains query parameters that exist in the original URL, they will override the original query parameters. e.g. if the original URL is /page?param1=1&param2=2 and the redirect URL is /sign-in?param1=3, the final redirect URL will be /sign-in?param1=3&param2=2
-	redirectUrl?: string
+	redirectUrl?: string,
 
-	// An array of public routes that do not require authentication
-	// In addition to the default public routes:
-	// - process.env.SIGN_IN_ROUTE or /sign-in if not provided
-	// - process.env.SIGN_UP_ROUTE or /sign-up if not provided
-	publicRoutes?: string[]
+	// These are the public and private routes in your app. Read more about how to use these below.
+	publicRoutes?: string[],
+	privateRoutes?: string[]
+	// If you having privateRoutes and publicRoutes defined at the same time, privateRoutes will be ignored.
 })
 
 export const config = {
@@ -159,6 +158,41 @@ export const config = {
 }
 ```
 
+##### Public and Private Route Definitions
+
+- **All routes are private by default.**
+- **`publicRoutes`:** Use this to specify which routes do not require authentication. If specified, only these routes and the default public routes will be public.
+- **`privateRoutes`:** Use this to specify which routes require authentication. If specified, only these routes will be private, and all other routes will be public.
+- **Conflict Handling:** If both `publicRoutes` and `privateRoutes` are provided, `privateRoutes` will be ignored, and a warning will be logged.
+
+This setup ensures that you can clearly define which routes in your application require authentication and which do not, while providing a mechanism to handle potential misconfigurations gracefully.
+
+###### Public Routes
+
+- **Description:** An array of public routes that do not require authentication.
+- **Configuration:** Use `publicRoutes` to specify routes that don't require authentication.
+- **Additional Defaults:** In addition to the routes you specify, the following default public routes are included:
+  - `process.env.SIGN_IN_ROUTE` or `/sign-in` if not provided
+  - `process.env.SIGN_UP_ROUTE` or `/sign-up` if not provided
+- **Example:**
+  ```typescript
+  const options = {
+  	publicRoutes: ['/home', '/about']
+  };
+  ```
+
+###### Private Routes
+
+- **Description:** An array of private routes that require authentication.
+- **Configuration:** Use `privateRoutes` to specify routes that require authentication. All other routes will be considered public.
+- **Conflict Handling:** If both `publicRoutes` and `privateRoutes` are defined at the same time, `privateRoutes` will be ignored, and a warning will be logged.
+- **Example:**
+  ```typescript
+  const options = {
+  	privateRoutes: ['/dashboard', '/profile']
+  };
+  ```
+
 ##### Read session information in server side
 
 use the `session()` helper to read session information in Server Components and Route handlers.

package/dist/client/dts/src/server/authMiddleware.d.ts

@@ -4,6 +4,7 @@ type MiddlewareOptions = {
     baseUrl?: string;
     redirectUrl?: string;
     publicRoutes?: string[];
+    privateRoutes?: string[];
 };
 declare const createAuthMiddleware: (options?: MiddlewareOptions) => (req: NextRequest) => Promise<NextResponse<unknown>>;
 export default createAuthMiddleware;

package/dist/dts/src/server/authMiddleware.d.ts

@@ -4,6 +4,7 @@ type MiddlewareOptions = {
     baseUrl?: string;
     redirectUrl?: string;
     publicRoutes?: string[];
+    privateRoutes?: string[];
 };
 declare const createAuthMiddleware: (options?: MiddlewareOptions) => (req: NextRequest) => Promise<NextResponse<unknown>>;
 export default createAuthMiddleware;

package/dist/server/authMiddleware.js

@@ -17,9 +17,21 @@ const getSessionJwt = (req) => {
     return undefined;
 };
 const isPublicRoute = (req, options) => {
+    // Ensure publicRoutes and privateRoutes are arrays, defaulting to empty arrays if not defined
+    const publicRoutes = options.publicRoutes || [];
+    const privateRoutes = options.privateRoutes || [];
     const isDefaultPublicRoute = Object.values(DEFAULT_PUBLIC_ROUTES).includes(req.nextUrl.pathname);
-    const isPublic = options.publicRoutes?.includes(req.nextUrl.pathname);
-    return isDefaultPublicRoute || isPublic;
+    if (publicRoutes.length > 0) {
+        if (privateRoutes.length > 0) {
+            console.warn('Both publicRoutes and privateRoutes are defined. Ignoring privateRoutes.');
+        }
+        return isDefaultPublicRoute || publicRoutes.includes(req.nextUrl.pathname);
+    }
+    if (privateRoutes.length > 0) {
+        return (isDefaultPublicRoute || !privateRoutes.includes(req.nextUrl.pathname));
+    }
+    // If no routes are provided, all routes are private
+    return isDefaultPublicRoute;
 };
 const addSessionToHeadersIfExists = (headers, session) => {
     if (session) {

package/dist/server/authMiddleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"authMiddleware.js","sources":["../../src/server/authMiddleware.ts"],"sourcesContent":["/* eslint-disable no-console */\nimport { NextRequest, NextResponse } from 'next/server';\nimport descopeSdk from '@descope/node-sdk';\nimport type { AuthenticationInfo } from '@descope/node-sdk';\nimport { DEFAULT_PUBLIC_ROUTES, DESCOPE_SESSION_HEADER } from './constants';\nimport { getGlobalSdk } from './sdk';\nimport { mergeSearchParams } from './utils';\n\ntype MiddlewareOptions = {\n\t// The Descope project ID to use for authentication\n\t// Defaults to process.env.DESCOPE_PROJECT_ID\n\tprojectId?: string;\n\n\t// The base URL to use for authentication\n\t// Defaults to process.env.DESCOPE_BASE_URL\n\tbaseUrl?: string;\n\n\t// The URL to redirect to if the user is not authenticated\n\t// Defaults to process.env.SIGN_IN_ROUTE or '/sign-in' if not provided\n\t// NOTE: In case it contains query parameters that exist in the original URL, they will override the original query parameters. e.g. if the original URL is /page?param1=1&param2=2 and the redirect URL is /sign-in?param1=3, the final redirect URL will be /sign-in?param1=3&param2=2\n\tredirectUrl?: string;\n\n\t// An array of public routes that do not require authentication\n\t// In addition to the default public routes:\n\t// - process.env.SIGN_IN_ROUTE or /sign-in if not provided\n\t// - process.env.SIGN_UP_ROUTE or /sign-up if not provided\n\tpublicRoutes?: string[];\n};\n\nconst getSessionJwt = (req: NextRequest): string | undefined => {\n\tlet jwt = req.headers?.get('Authorization')?.split(' ')[1];\n\tif (jwt) {\n\t\treturn jwt;\n\t}\n\n\tjwt = req.cookies?.get(descopeSdk.SessionTokenCookieName)?.value;\n\tif (jwt) {\n\t\treturn jwt;\n\t}\n\treturn undefined;\n};\n\nconst isPublicRoute = (req: NextRequest, options: MiddlewareOptions) => {\n\tconst isDefaultPublicRoute = Object.values(DEFAULT_PUBLIC_ROUTES).includes(\n\t\treq.nextUrl.pathname\n\t);\n\tconst isPublic = options.publicRoutes?.includes(req.nextUrl.pathname);\n\n\treturn isDefaultPublicRoute || isPublic;\n};\n\nconst addSessionToHeadersIfExists = (\n\theaders: Headers,\n\tsession: AuthenticationInfo | undefined\n): Headers => {\n\tif (session) {\n\t\tconst requestHeaders = new Headers(headers);\n\t\trequestHeaders.set(\n\t\t\tDESCOPE_SESSION_HEADER,\n\t\t\tBuffer.from(JSON.stringify(session)).toString('base64')\n\t\t);\n\t\treturn requestHeaders;\n\t}\n\treturn headers;\n};\n\n// returns a Middleware that checks if the user is authenticated\n// if the user is not authenticated, it redirects to the redirectUrl\n// if the user is authenticated, it adds the session to the headers\nconst createAuthMiddleware =\n\t(options: MiddlewareOptions = {}) =>\n\tasync (req: NextRequest) => {\n\t\tconsole.debug('Auth middleware starts');\n\n\t\tconst jwt = getSessionJwt(req);\n\n\t\t// check if the user is authenticated\n\t\tlet session: AuthenticationInfo | undefined;\n\t\ttry {\n\t\t\tsession = await getGlobalSdk({\n\t\t\t\tprojectId: options.projectId,\n\t\t\t\tbaseUrl: options.baseUrl\n\t\t\t}).validateJwt(jwt);\n\t\t} catch (err) {\n\t\t\tconsole.debug('Auth middleware, Failed to validate JWT', err);\n\t\t\tif (!isPublicRoute(req, options)) {\n\t\t\t\tconst redirectUrl = options.redirectUrl || DEFAULT_PUBLIC_ROUTES.signIn;\n\t\t\t\tconst url = req.nextUrl.clone();\n\t\t\t\t// Create a URL object for redirectUrl. 'http://example.com' is just a placeholder.\n\t\t\t\tconst parsedRedirectUrl = new URL(redirectUrl, 'http://example.com');\n\t\t\t\turl.pathname = parsedRedirectUrl.pathname;\n\n\t\t\t\tconst searchParams = mergeSearchParams(\n\t\t\t\t\turl.search,\n\t\t\t\t\tparsedRedirectUrl.search\n\t\t\t\t);\n\t\t\t\tif (searchParams) {\n\t\t\t\t\turl.search = searchParams;\n\t\t\t\t}\n\t\t\t\tconsole.debug(`Auth middleware, Redirecting to ${redirectUrl}`);\n\t\t\t\treturn NextResponse.redirect(url);\n\t\t\t}\n\t\t}\n\n\t\tconsole.debug('Auth middleware finishes');\n\t\t// add the session to the request, if it exists\n\t\tconst headers = addSessionToHeadersIfExists(req.headers, session);\n\t\treturn NextResponse.next({\n\t\t\trequest: {\n\t\t\t\theaders\n\t\t\t}\n\t\t});\n\t};\n\nexport default createAuthMiddleware;\n"],"names":[],"mappings":";;;;;;AAAA;AA6BA,MAAM,aAAa,GAAG,CAAC,GAAgB,KAAwB;AAC9D,IAAA,IAAI,GAAG,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,IAAI,GAAG,EAAE;AACR,QAAA,OAAO,GAAG,CAAC;KACX;AAED,IAAA,GAAG,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,KAAK,CAAC;IACjE,IAAI,GAAG,EAAE;AACR,QAAA,OAAO,GAAG,CAAC;KACX;AACD,IAAA,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,GAAgB,EAAE,OAA0B,KAAI;AACtE,IAAA,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,QAAQ,CACzE,GAAG,CAAC,OAAO,CAAC,QAAQ,CACpB,CAAC;AACF,IAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEtE,OAAO,oBAAoB,IAAI,QAAQ,CAAC;AACzC,CAAC,CAAC;AAEF,MAAM,2BAA2B,GAAG,CACnC,OAAgB,EAChB,OAAuC,KAC3B;IACZ,IAAI,OAAO,EAAE;AACZ,QAAA,MAAM,cAAc,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,cAAc,CAAC,GAAG,CACjB,sBAAsB,EACtB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACvD,CAAC;AACF,QAAA,OAAO,cAAc,CAAC;KACtB;AACD,IAAA,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC;AAEF;AACA;AACA;AACA,MAAM,oBAAoB,GACzB,CAAC,OAAA,GAA6B,EAAE,KAChC,OAAO,GAAgB,KAAI;AAC1B,IAAA,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;AAExC,IAAA,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;;AAG/B,IAAA,IAAI,OAAuC,CAAC;AAC5C,IAAA,IAAI;QACH,OAAO,GAAG,MAAM,YAAY,CAAC;YAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;AACxB,SAAA,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;KACpB;IAAC,OAAO,GAAG,EAAE;AACb,QAAA,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE;YACjC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,qBAAqB,CAAC,MAAM,CAAC;YACxE,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;;YAEhC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,oBAAoB,CAAC,CAAC;AACrE,YAAA,GAAG,CAAC,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC;AAE1C,YAAA,MAAM,YAAY,GAAG,iBAAiB,CACrC,GAAG,CAAC,MAAM,EACV,iBAAiB,CAAC,MAAM,CACxB,CAAC;YACF,IAAI,YAAY,EAAE;AACjB,gBAAA,GAAG,CAAC,MAAM,GAAG,YAAY,CAAC;aAC1B;AACD,YAAA,OAAO,CAAC,KAAK,CAAC,mCAAmC,WAAW,CAAA,CAAE,CAAC,CAAC;AAChE,YAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;SAClC;KACD;AAED,IAAA,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;;IAE1C,MAAM,OAAO,GAAG,2BAA2B,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClE,OAAO,YAAY,CAAC,IAAI,CAAC;AACxB,QAAA,OAAO,EAAE;YACR,OAAO;AACP,SAAA;AACD,KAAA,CAAC,CAAC;AACJ;;;;"}
+{"version":3,"file":"authMiddleware.js","sources":["../../src/server/authMiddleware.ts"],"sourcesContent":["/* eslint-disable no-console */\nimport { NextRequest, NextResponse } from 'next/server';\nimport descopeSdk from '@descope/node-sdk';\nimport type { AuthenticationInfo } from '@descope/node-sdk';\nimport { DEFAULT_PUBLIC_ROUTES, DESCOPE_SESSION_HEADER } from './constants';\nimport { getGlobalSdk } from './sdk';\nimport { mergeSearchParams } from './utils';\n\ntype MiddlewareOptions = {\n\t// The Descope project ID to use for authentication\n\t// Defaults to process.env.DESCOPE_PROJECT_ID\n\tprojectId?: string;\n\n\t// The base URL to use for authentication\n\t// Defaults to process.env.DESCOPE_BASE_URL\n\tbaseUrl?: string;\n\n\t// The URL to redirect to if the user is not authenticated\n\t// Defaults to process.env.SIGN_IN_ROUTE or '/sign-in' if not provided\n\t// NOTE: In case it contains query parameters that exist in the original URL, they will override the original query parameters. e.g. if the original URL is /page?param1=1&param2=2 and the redirect URL is /sign-in?param1=3, the final redirect URL will be /sign-in?param1=3&param2=2\n\tredirectUrl?: string;\n\n\t// An array of public routes that do not require authentication\n\t// In addition to the default public routes:\n\t// - process.env.SIGN_IN_ROUTE or /sign-in if not provided\n\t// - process.env.SIGN_UP_ROUTE or /sign-up if not provided\n\tpublicRoutes?: string[];\n\n\t// An array of private routes that require authentication\n\t// If privateRoutes is defined, routes not listed in this array will default to public routes\n\tprivateRoutes?: string[];\n};\n\nconst getSessionJwt = (req: NextRequest): string | undefined => {\n\tlet jwt = req.headers?.get('Authorization')?.split(' ')[1];\n\tif (jwt) {\n\t\treturn jwt;\n\t}\n\n\tjwt = req.cookies?.get(descopeSdk.SessionTokenCookieName)?.value;\n\tif (jwt) {\n\t\treturn jwt;\n\t}\n\treturn undefined;\n};\n\nconst isPublicRoute = (req: NextRequest, options: MiddlewareOptions) => {\n\t// Ensure publicRoutes and privateRoutes are arrays, defaulting to empty arrays if not defined\n\tconst publicRoutes = options.publicRoutes || [];\n\tconst privateRoutes = options.privateRoutes || [];\n\t\n\tconst isDefaultPublicRoute = Object.values(DEFAULT_PUBLIC_ROUTES).includes(\n\t\treq.nextUrl.pathname\n\t);\n\n\tif (publicRoutes.length > 0) {\n\t\tif (privateRoutes.length > 0) {\n\t\t\tconsole.warn(\n\t\t\t\t'Both publicRoutes and privateRoutes are defined. Ignoring privateRoutes.'\n\t\t\t);\n\t\t}\n\t\treturn isDefaultPublicRoute || publicRoutes.includes(req.nextUrl.pathname);\n\t}\n\n\tif (privateRoutes.length > 0) {\n\t\treturn (\n\t\t\tisDefaultPublicRoute || !privateRoutes.includes(req.nextUrl.pathname)\n\t\t);\n\t}\n\n\t// If no routes are provided, all routes are private\n\treturn isDefaultPublicRoute;\n};\n\nconst addSessionToHeadersIfExists = (\n\theaders: Headers,\n\tsession: AuthenticationInfo | undefined\n): Headers => {\n\tif (session) {\n\t\tconst requestHeaders = new Headers(headers);\n\t\trequestHeaders.set(\n\t\t\tDESCOPE_SESSION_HEADER,\n\t\t\tBuffer.from(JSON.stringify(session)).toString('base64')\n\t\t);\n\t\treturn requestHeaders;\n\t}\n\treturn headers;\n};\n\n// returns a Middleware that checks if the user is authenticated\n// if the user is not authenticated, it redirects to the redirectUrl\n// if the user is authenticated, it adds the session to the headers\nconst createAuthMiddleware =\n\t(options: MiddlewareOptions = {}) =>\n\tasync (req: NextRequest) => {\n\t\tconsole.debug('Auth middleware starts');\n\n\t\tconst jwt = getSessionJwt(req);\n\n\t\t// check if the user is authenticated\n\t\tlet session: AuthenticationInfo | undefined;\n\t\ttry {\n\t\t\tsession = await getGlobalSdk({\n\t\t\t\tprojectId: options.projectId,\n\t\t\t\tbaseUrl: options.baseUrl\n\t\t\t}).validateJwt(jwt);\n\t\t} catch (err) {\n\t\t\tconsole.debug('Auth middleware, Failed to validate JWT', err);\n\t\t\tif (!isPublicRoute(req, options)) {\n\t\t\t\tconst redirectUrl = options.redirectUrl || DEFAULT_PUBLIC_ROUTES.signIn;\n\t\t\t\tconst url = req.nextUrl.clone();\n\t\t\t\t// Create a URL object for redirectUrl. 'http://example.com' is just a placeholder.\n\t\t\t\tconst parsedRedirectUrl = new URL(redirectUrl, 'http://example.com');\n\t\t\t\turl.pathname = parsedRedirectUrl.pathname;\n\n\t\t\t\tconst searchParams = mergeSearchParams(\n\t\t\t\t\turl.search,\n\t\t\t\t\tparsedRedirectUrl.search\n\t\t\t\t);\n\t\t\t\tif (searchParams) {\n\t\t\t\t\turl.search = searchParams;\n\t\t\t\t}\n\t\t\t\tconsole.debug(`Auth middleware, Redirecting to ${redirectUrl}`);\n\t\t\t\treturn NextResponse.redirect(url);\n\t\t\t}\n\t\t}\n\n\t\tconsole.debug('Auth middleware finishes');\n\t\t// add the session to the request, if it exists\n\t\tconst headers = addSessionToHeadersIfExists(req.headers, session);\n\t\treturn NextResponse.next({\n\t\t\trequest: {\n\t\t\t\theaders\n\t\t\t}\n\t\t});\n\t};\n\nexport default createAuthMiddleware;\n"],"names":[],"mappings":";;;;;;AAAA;AAiCA,MAAM,aAAa,GAAG,CAAC,GAAgB,KAAwB;AAC9D,IAAA,IAAI,GAAG,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,IAAI,GAAG,EAAE;AACR,QAAA,OAAO,GAAG,CAAC;KACX;AAED,IAAA,GAAG,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,KAAK,CAAC;IACjE,IAAI,GAAG,EAAE;AACR,QAAA,OAAO,GAAG,CAAC;KACX;AACD,IAAA,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,GAAgB,EAAE,OAA0B,KAAI;;AAEtE,IAAA,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;AAChD,IAAA,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;AAElD,IAAA,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,QAAQ,CACzE,GAAG,CAAC,OAAO,CAAC,QAAQ,CACpB,CAAC;AAEF,IAAA,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;AAC5B,QAAA,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;AAC7B,YAAA,OAAO,CAAC,IAAI,CACX,0EAA0E,CAC1E,CAAC;SACF;AACD,QAAA,OAAO,oBAAoB,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;KAC3E;AAED,IAAA,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;AAC7B,QAAA,QACC,oBAAoB,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,EACpE;KACF;;AAGD,IAAA,OAAO,oBAAoB,CAAC;AAC7B,CAAC,CAAC;AAEF,MAAM,2BAA2B,GAAG,CACnC,OAAgB,EAChB,OAAuC,KAC3B;IACZ,IAAI,OAAO,EAAE;AACZ,QAAA,MAAM,cAAc,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5C,cAAc,CAAC,GAAG,CACjB,sBAAsB,EACtB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACvD,CAAC;AACF,QAAA,OAAO,cAAc,CAAC;KACtB;AACD,IAAA,OAAO,OAAO,CAAC;AAChB,CAAC,CAAC;AAEF;AACA;AACA;AACA,MAAM,oBAAoB,GACzB,CAAC,OAAA,GAA6B,EAAE,KAChC,OAAO,GAAgB,KAAI;AAC1B,IAAA,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;AAExC,IAAA,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;;AAG/B,IAAA,IAAI,OAAuC,CAAC;AAC5C,IAAA,IAAI;QACH,OAAO,GAAG,MAAM,YAAY,CAAC;YAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;AACxB,SAAA,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;KACpB;IAAC,OAAO,GAAG,EAAE;AACb,QAAA,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE;YACjC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,qBAAqB,CAAC,MAAM,CAAC;YACxE,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;;YAEhC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,oBAAoB,CAAC,CAAC;AACrE,YAAA,GAAG,CAAC,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC;AAE1C,YAAA,MAAM,YAAY,GAAG,iBAAiB,CACrC,GAAG,CAAC,MAAM,EACV,iBAAiB,CAAC,MAAM,CACxB,CAAC;YACF,IAAI,YAAY,EAAE;AACjB,gBAAA,GAAG,CAAC,MAAM,GAAG,YAAY,CAAC;aAC1B;AACD,YAAA,OAAO,CAAC,KAAK,CAAC,mCAAmC,WAAW,CAAA,CAAE,CAAC,CAAC;AAChE,YAAA,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;SAClC;KACD;AAED,IAAA,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;;IAE1C,MAAM,OAAO,GAAG,2BAA2B,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAClE,OAAO,YAAY,CAAC,IAAI,CAAC;AACxB,QAAA,OAAO,EAAE;YACR,OAAO;AACP,SAAA;AACD,KAAA,CAAC,CAAC;AACJ;;;;"}

package/dist/server/constants.js

@@ -1,7 +1,7 @@
 const DESCOPE_SESSION_HEADER = 'x-descope-session';
 const baseHeaders = {
     'x-descope-sdk-name': 'nextjs',
-    'x-descope-sdk-version': "0.0.23"
+    'x-descope-sdk-version': "0.2.0"
 };
 const DEFAULT_PUBLIC_ROUTES = {
     signIn: process.env.SIGN_IN_ROUTE || '/sign-in',

package/dist/server/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sources":["../../src/server/constants.ts"],"sourcesContent":["// Replaced in build time\ndeclare const BUILD_VERSION: string;\n\nexport const DESCOPE_SESSION_HEADER = 'x-descope-session';\n\nexport const baseHeaders = {\n\t'x-descope-sdk-name': 'nextjs',\n\t'x-descope-sdk-version': BUILD_VERSION\n};\n\nexport const DEFAULT_PUBLIC_ROUTES = {\n\tsignIn: process.env.SIGN_IN_ROUTE || '/sign-in',\n\tsignUp: process.env.SIGN_UP_ROUTE || '/sign-up'\n};\n"],"names":[],"mappings":"AAGO,MAAM,sBAAsB,GAAG,oBAAoB;AAE7C,MAAA,WAAW,GAAG;AAC1B,IAAA,oBAAoB,EAAE,QAAQ;AAC9B,IAAA,uBAAuB,EAAE,QAAa;EACrC;AAEW,MAAA,qBAAqB,GAAG;AACpC,IAAA,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,UAAU;AAC/C,IAAA,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,UAAU;;;;;"}
+{"version":3,"file":"constants.js","sources":["../../src/server/constants.ts"],"sourcesContent":["// Replaced in build time\ndeclare const BUILD_VERSION: string;\n\nexport const DESCOPE_SESSION_HEADER = 'x-descope-session';\n\nexport const baseHeaders = {\n\t'x-descope-sdk-name': 'nextjs',\n\t'x-descope-sdk-version': BUILD_VERSION\n};\n\nexport const DEFAULT_PUBLIC_ROUTES = {\n\tsignIn: process.env.SIGN_IN_ROUTE || '/sign-in',\n\tsignUp: process.env.SIGN_UP_ROUTE || '/sign-up'\n};\n"],"names":[],"mappings":"AAGO,MAAM,sBAAsB,GAAG,oBAAoB;AAE7C,MAAA,WAAW,GAAG;AAC1B,IAAA,oBAAoB,EAAE,QAAQ;AAC9B,IAAA,uBAAuB,EAAE,OAAa;EACrC;AAEW,MAAA,qBAAqB,GAAG;AACpC,IAAA,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,UAAU;AAC/C,IAAA,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,UAAU;;;;;"}

package/dist/server/dts/src/server/authMiddleware.d.ts

@@ -4,6 +4,7 @@ type MiddlewareOptions = {
     baseUrl?: string;
     redirectUrl?: string;
     publicRoutes?: string[];
+    privateRoutes?: string[];
 };
 declare const createAuthMiddleware: (options?: MiddlewareOptions) => (req: NextRequest) => Promise<NextResponse<unknown>>;
 export default createAuthMiddleware;

package/dist/server/index.d.ts

@@ -7,6 +7,7 @@ type MiddlewareOptions = {
     baseUrl?: string;
     redirectUrl?: string;
     publicRoutes?: string[];
+    privateRoutes?: string[];
 };
 declare const createAuthMiddleware: (options?: MiddlewareOptions) => (req: NextRequest) => Promise<NextResponse<unknown>>;
 

package/dist/shared/constants.js

@@ -1,7 +1,7 @@
 // eslint-disable-next-line import/prefer-default-export
 const baseHeaders = {
     'x-descope-sdk-name': 'nextjs',
-    'x-descope-sdk-version': "0.0.23"
+    'x-descope-sdk-version': "0.2.0"
 };
 
 export { baseHeaders };

package/dist/shared/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sources":["../../src/shared/constants.ts"],"sourcesContent":["// Replaced in build time\ndeclare const BUILD_VERSION: string;\n\n// eslint-disable-next-line import/prefer-default-export\nexport const baseHeaders = {\n\t'x-descope-sdk-name': 'nextjs',\n\t'x-descope-sdk-version': BUILD_VERSION\n};\n"],"names":[],"mappings":"AAGA;AACa,MAAA,WAAW,GAAG;AAC1B,IAAA,oBAAoB,EAAE,QAAQ;AAC9B,IAAA,uBAAuB,EAAE,QAAa;;;;;"}
+{"version":3,"file":"constants.js","sources":["../../src/shared/constants.ts"],"sourcesContent":["// Replaced in build time\ndeclare const BUILD_VERSION: string;\n\n// eslint-disable-next-line import/prefer-default-export\nexport const baseHeaders = {\n\t'x-descope-sdk-name': 'nextjs',\n\t'x-descope-sdk-version': BUILD_VERSION\n};\n"],"names":[],"mappings":"AAGA;AACa,MAAA,WAAW,GAAG;AAC1B,IAAA,oBAAoB,EAAE,QAAQ;AAC9B,IAAA,uBAAuB,EAAE,OAAa;;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@descope/nextjs-sdk",
-  "version": "0.0.23",
+  "version": "0.2.0",
   "description": "Descope NextJS SDK",
   "author": "Descope Team <info@descope.com>",
   "homepage": "https://github.com/descope/descope-js",
@@ -61,9 +61,9 @@
   },
   "dependencies": {
     "@descope/node-sdk": "1.6.9",
-    "@descope/react-sdk": "2.0.65",
-    "@descope/web-component": "3.22.2",
-    "@descope/core-js-sdk": "2.24.1"
+    "@descope/react-sdk": "2.0.66",
+    "@descope/web-component": "3.23.0",
+    "@descope/core-js-sdk": "2.24.2"
   },
   "devDependencies": {
     "@babel/core": "7.23.9",