@djangocfg/api 2.1.46 → 2.1.48

package/dist/auth.d.cts

@@ -270,6 +270,10 @@ interface AuthContextType {
         message: string;
     }>;
     logout: () => Promise<void>;
+    saveRedirectUrl: (url: string) => void;
+    getRedirectUrl: () => string;
+    clearRedirectUrl: () => void;
+    hasRedirectUrl: () => boolean;
 }
 interface AuthProviderProps {
     children: React$1.ReactNode;
@@ -315,10 +319,13 @@ declare const useAuthRedirectManager: (options?: AuthRedirectOptions) => {
 interface UseAuthGuardOptions {
     redirectTo?: string;
     requireAuth?: boolean;
+    /** Whether to save current URL for redirect after auth (default: true) */
+    saveRedirectUrl?: boolean;
 }
 declare const useAuthGuard: (options?: UseAuthGuardOptions) => {
     isAuthenticated: boolean;
     isLoading: boolean;
+    isRedirecting: boolean;
 };
 
 /**
@@ -370,12 +377,16 @@ interface UseAuthFormOptions {
     redirectUrl?: string;
     /** If true, user must accept terms before submitting. Default: false */
     requireTermsAcceptance?: boolean;
+    /** Path to auth page for auto-OTP detection. Default: '/auth' */
+    authPath?: string;
 }
 declare const useAuthForm: (options: UseAuthFormOptions) => AuthFormState & AuthFormHandlers;
 
 interface UseAutoAuthOptions {
     onOTPDetected?: (otp: string) => void;
     cleanupUrl?: boolean;
+    /** Paths where auto-auth should be active. Default: ['/auth'] */
+    allowedPaths?: string[];
 }
 /**
  * Hook for automatic authentication from URL query parameters
@@ -384,6 +395,7 @@ interface UseAutoAuthOptions {
 declare const useAutoAuth: (options?: UseAutoAuthOptions) => {
     isReady: boolean;
     hasOTP: boolean;
+    isAllowedPath: boolean;
 };
 
 interface UseGithubAuthOptions {

package/dist/auth.d.ts

@@ -270,6 +270,10 @@ interface AuthContextType {
         message: string;
     }>;
     logout: () => Promise<void>;
+    saveRedirectUrl: (url: string) => void;
+    getRedirectUrl: () => string;
+    clearRedirectUrl: () => void;
+    hasRedirectUrl: () => boolean;
 }
 interface AuthProviderProps {
     children: React$1.ReactNode;
@@ -315,10 +319,13 @@ declare const useAuthRedirectManager: (options?: AuthRedirectOptions) => {
 interface UseAuthGuardOptions {
     redirectTo?: string;
     requireAuth?: boolean;
+    /** Whether to save current URL for redirect after auth (default: true) */
+    saveRedirectUrl?: boolean;
 }
 declare const useAuthGuard: (options?: UseAuthGuardOptions) => {
     isAuthenticated: boolean;
     isLoading: boolean;
+    isRedirecting: boolean;
 };
 
 /**
@@ -370,12 +377,16 @@ interface UseAuthFormOptions {
     redirectUrl?: string;
     /** If true, user must accept terms before submitting. Default: false */
     requireTermsAcceptance?: boolean;
+    /** Path to auth page for auto-OTP detection. Default: '/auth' */
+    authPath?: string;
 }
 declare const useAuthForm: (options: UseAuthFormOptions) => AuthFormState & AuthFormHandlers;
 
 interface UseAutoAuthOptions {
     onOTPDetected?: (otp: string) => void;
     cleanupUrl?: boolean;
+    /** Paths where auto-auth should be active. Default: ['/auth'] */
+    allowedPaths?: string[];
 }
 /**
  * Hook for automatic authentication from URL query parameters
@@ -384,6 +395,7 @@ interface UseAutoAuthOptions {
 declare const useAutoAuth: (options?: UseAutoAuthOptions) => {
     isReady: boolean;
     hasOTP: boolean;
+    isAllowedPath: boolean;
 };
 
 interface UseGithubAuthOptions {

package/dist/auth.mjs

@@ -14,7 +14,7 @@ import {
   useEffect as useEffect2,
   useMemo,
   useRef as useRef2,
-  useState as useState2
+  useState as useState3
 } from "react";
 import { useCfgRouter, useLocalStorage, useQueryParams } from "@djangocfg/ui-nextjs/hooks";
 
@@ -3670,6 +3670,185 @@ function getCacheMetadata() {
 }
 __name(getCacheMetadata, "getCacheMetadata");
 
+// src/auth/hooks/useSessionStorage.ts
+import { useState } from "react";
+function useSessionStorage(key, initialValue) {
+  const [storedValue, setStoredValue] = useState(() => {
+    if (typeof window === "undefined") {
+      return initialValue;
+    }
+    try {
+      const item = window.sessionStorage.getItem(key);
+      return item ? JSON.parse(item) : initialValue;
+    } catch (error) {
+      authLogger.error(`Error reading sessionStorage key "${key}":`, error);
+      return initialValue;
+    }
+  });
+  const checkDataSize = /* @__PURE__ */ __name((data) => {
+    try {
+      const jsonString = JSON.stringify(data);
+      const sizeInBytes = new Blob([jsonString]).size;
+      const sizeInKB = sizeInBytes / 1024;
+      if (sizeInKB > 1024) {
+        authLogger.warn(`Data size (${sizeInKB.toFixed(2)}KB) exceeds 1MB limit for key "${key}"`);
+        return false;
+      }
+      return true;
+    } catch (error) {
+      authLogger.error(`Error checking data size for key "${key}":`, error);
+      return false;
+    }
+  }, "checkDataSize");
+  const clearOldData = /* @__PURE__ */ __name(() => {
+    try {
+      const keys = Object.keys(sessionStorage).filter((key2) => key2 && typeof key2 === "string");
+      if (keys.length > 50) {
+        const itemsToRemove = Math.ceil(keys.length * 0.2);
+        for (let i = 0; i < itemsToRemove; i++) {
+          try {
+            const key2 = keys[i];
+            if (key2) {
+              sessionStorage.removeItem(key2);
+              sessionStorage.removeItem(`${key2}_timestamp`);
+            }
+          } catch {
+          }
+        }
+      }
+    } catch (error) {
+      authLogger.error("Error clearing old sessionStorage data:", error);
+    }
+  }, "clearOldData");
+  const forceClearAll = /* @__PURE__ */ __name(() => {
+    try {
+      const keys = Object.keys(sessionStorage);
+      for (const key2 of keys) {
+        try {
+          sessionStorage.removeItem(key2);
+        } catch {
+        }
+      }
+    } catch (error) {
+      authLogger.error("Error force clearing sessionStorage:", error);
+    }
+  }, "forceClearAll");
+  const setValue = /* @__PURE__ */ __name((value) => {
+    try {
+      const valueToStore = value instanceof Function ? value(storedValue) : value;
+      if (!checkDataSize(valueToStore)) {
+        authLogger.warn(`Data size too large for key "${key}", removing key`);
+        try {
+          window.sessionStorage.removeItem(key);
+          window.sessionStorage.removeItem(`${key}_timestamp`);
+        } catch {
+        }
+        setStoredValue(valueToStore);
+        return;
+      }
+      setStoredValue(valueToStore);
+      if (typeof window !== "undefined") {
+        try {
+          window.sessionStorage.setItem(key, JSON.stringify(valueToStore));
+          window.sessionStorage.setItem(`${key}_timestamp`, Date.now().toString());
+        } catch (storageError) {
+          if (storageError.name === "QuotaExceededError" || storageError.code === 22 || storageError.message?.includes("quota")) {
+            authLogger.warn("sessionStorage quota exceeded, clearing old data...");
+            clearOldData();
+            try {
+              window.sessionStorage.setItem(key, JSON.stringify(valueToStore));
+              window.sessionStorage.setItem(`${key}_timestamp`, Date.now().toString());
+            } catch (retryError) {
+              authLogger.error(`Failed to set sessionStorage key "${key}" after clearing old data:`, retryError);
+              try {
+                forceClearAll();
+                window.sessionStorage.setItem(key, JSON.stringify(valueToStore));
+                window.sessionStorage.setItem(`${key}_timestamp`, Date.now().toString());
+              } catch (finalError) {
+                authLogger.error(`Failed to set sessionStorage key "${key}" after force clearing:`, finalError);
+                setStoredValue(valueToStore);
+              }
+            }
+          } else {
+            throw storageError;
+          }
+        }
+      }
+    } catch (error) {
+      authLogger.error(`Error setting sessionStorage key "${key}":`, error);
+      const valueToStore = value instanceof Function ? value(storedValue) : value;
+      setStoredValue(valueToStore);
+    }
+  }, "setValue");
+  const removeValue = /* @__PURE__ */ __name(() => {
+    try {
+      setStoredValue(initialValue);
+      if (typeof window !== "undefined") {
+        try {
+          window.sessionStorage.removeItem(key);
+          window.sessionStorage.removeItem(`${key}_timestamp`);
+        } catch (removeError) {
+          if (removeError.name === "QuotaExceededError" || removeError.code === 22 || removeError.message?.includes("quota")) {
+            authLogger.warn("sessionStorage quota exceeded during removal, clearing old data...");
+            clearOldData();
+            try {
+              window.sessionStorage.removeItem(key);
+              window.sessionStorage.removeItem(`${key}_timestamp`);
+            } catch (retryError) {
+              authLogger.error(`Failed to remove sessionStorage key "${key}" after clearing:`, retryError);
+              forceClearAll();
+            }
+          } else {
+            throw removeError;
+          }
+        }
+      }
+    } catch (error) {
+      authLogger.error(`Error removing sessionStorage key "${key}":`, error);
+    }
+  }, "removeValue");
+  return [storedValue, setValue, removeValue];
+}
+__name(useSessionStorage, "useSessionStorage");
+
+// src/auth/hooks/useAuthRedirect.ts
+var AUTH_REDIRECT_KEY = "auth_redirect_url";
+var useAuthRedirectManager = /* @__PURE__ */ __name((options = {}) => {
+  const { fallbackUrl = "/dashboard", clearOnUse = true } = options;
+  const [redirectUrl, setRedirectUrl, removeRedirectUrl] = useSessionStorage(AUTH_REDIRECT_KEY, "");
+  const setRedirect = /* @__PURE__ */ __name((url) => {
+    setRedirectUrl(url);
+  }, "setRedirect");
+  const getRedirect = /* @__PURE__ */ __name(() => {
+    return redirectUrl;
+  }, "getRedirect");
+  const clearRedirect = /* @__PURE__ */ __name(() => {
+    removeRedirectUrl();
+  }, "clearRedirect");
+  const hasRedirect = /* @__PURE__ */ __name(() => {
+    return redirectUrl.length > 0;
+  }, "hasRedirect");
+  const getFinalRedirectUrl = /* @__PURE__ */ __name(() => {
+    return redirectUrl || fallbackUrl;
+  }, "getFinalRedirectUrl");
+  const useAndClearRedirect = /* @__PURE__ */ __name(() => {
+    const finalUrl = getFinalRedirectUrl();
+    if (clearOnUse) {
+      clearRedirect();
+    }
+    return finalUrl;
+  }, "useAndClearRedirect");
+  return {
+    redirectUrl,
+    setRedirect,
+    getRedirect,
+    clearRedirect,
+    hasRedirect,
+    getFinalRedirectUrl,
+    useAndClearRedirect
+  };
+}, "useAuthRedirectManager");
+
 // src/auth/utils/analytics.ts
 var AnalyticsEvent = /* @__PURE__ */ ((AnalyticsEvent2) => {
   AnalyticsEvent2["AUTH_OTP_REQUEST"] = "auth_otp_request";
@@ -3713,7 +3892,7 @@ import {
   useContext,
   useEffect,
   useRef,
-  useState
+  useState as useState2
 } from "react";
 
 // src/generated/cfg_accounts/_utils/hooks/accounts__auth.ts
@@ -3788,12 +3967,12 @@ __name(useCreateAccountsOtpVerifyCreate, "useCreateAccountsOtpVerifyCreate");
 import { jsx } from "react/jsx-runtime";
 var AccountsContext = createContext(void 0);
 function AccountsProvider({ children }) {
-  const [profile, setProfile] = useState(() => {
+  const [profile, setProfile] = useState2(() => {
     const cached = getCachedProfile();
     return cached || void 0;
   });
-  const [isLoadingProfile, setIsLoadingProfile] = useState(false);
-  const [profileError, setProfileError] = useState(null);
+  const [isLoadingProfile, setIsLoadingProfile] = useState2(false);
+  const [profileError, setProfileError] = useState2(null);
   const profileRef = useRef(profile);
   const isLoadingRef = useRef(false);
   useEffect(() => {
@@ -3917,14 +4096,18 @@ var hasValidTokens = /* @__PURE__ */ __name(() => {
 }, "hasValidTokens");
 var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
   const accounts = useAccountsContext();
-  const [isLoading, setIsLoading] = useState2(() => {
+  const redirectManager = useAuthRedirectManager({
+    fallbackUrl: config?.routes?.defaultCallback || defaultRoutes.defaultCallback,
+    clearOnUse: true
+  });
+  const [isLoading, setIsLoading] = useState3(() => {
     if (typeof window !== "undefined") {
       const hasTokens = hasValidTokens();
       return !hasTokens;
     }
     return true;
   });
-  const [initialized, setInitialized] = useState2(false);
+  const [initialized, setInitialized] = useState3(false);
   const router = useCfgRouter();
   const pathname = usePathname();
   const queryParams = useQueryParams();
@@ -4141,7 +4324,9 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
         if (result.user?.id) {
           Analytics.setUser(String(result.user.id));
         }
-        const finalRedirectUrl = redirectUrl || config?.routes?.defaultCallback || defaultRoutes.defaultCallback;
+        const savedRedirect = redirectManager.useAndClearRedirect();
+        const finalRedirectUrl = redirectUrl || savedRedirect || config?.routes?.defaultCallback || defaultRoutes.defaultCallback;
+        authLogger.info("Redirecting after auth to:", finalRedirectUrl);
         router.hardPush(finalRedirectUrl);
         return {
           success: true,
@@ -4247,7 +4432,12 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
       requestOTP,
       verifyOTP,
       refreshToken,
-      logout
+      logout,
+      // Redirect URL methods
+      saveRedirectUrl: redirectManager.setRedirect,
+      getRedirectUrl: redirectManager.getFinalRedirectUrl,
+      clearRedirectUrl: redirectManager.clearRedirect,
+      hasRedirectUrl: redirectManager.hasRedirect
     }),
     [
       user,
@@ -4264,7 +4454,8 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
       requestOTP,
       verifyOTP,
       refreshToken,
-      logout
+      logout,
+      redirectManager
     ]
   );
   return /* @__PURE__ */ jsx2(AuthContext.Provider, { value, children });
@@ -4280,204 +4471,31 @@ var useAuth = /* @__PURE__ */ __name(() => {
   return context;
 }, "useAuth");
 
-// src/auth/hooks/useSessionStorage.ts
-import { useState as useState3 } from "react";
-function useSessionStorage(key, initialValue) {
-  const [storedValue, setStoredValue] = useState3(() => {
-    if (typeof window === "undefined") {
-      return initialValue;
-    }
-    try {
-      const item = window.sessionStorage.getItem(key);
-      return item ? JSON.parse(item) : initialValue;
-    } catch (error) {
-      authLogger.error(`Error reading sessionStorage key "${key}":`, error);
-      return initialValue;
-    }
-  });
-  const checkDataSize = /* @__PURE__ */ __name((data) => {
-    try {
-      const jsonString = JSON.stringify(data);
-      const sizeInBytes = new Blob([jsonString]).size;
-      const sizeInKB = sizeInBytes / 1024;
-      if (sizeInKB > 1024) {
-        authLogger.warn(`Data size (${sizeInKB.toFixed(2)}KB) exceeds 1MB limit for key "${key}"`);
-        return false;
-      }
-      return true;
-    } catch (error) {
-      authLogger.error(`Error checking data size for key "${key}":`, error);
-      return false;
-    }
-  }, "checkDataSize");
-  const clearOldData = /* @__PURE__ */ __name(() => {
-    try {
-      const keys = Object.keys(sessionStorage).filter((key2) => key2 && typeof key2 === "string");
-      if (keys.length > 50) {
-        const itemsToRemove = Math.ceil(keys.length * 0.2);
-        for (let i = 0; i < itemsToRemove; i++) {
-          try {
-            const key2 = keys[i];
-            if (key2) {
-              sessionStorage.removeItem(key2);
-              sessionStorage.removeItem(`${key2}_timestamp`);
-            }
-          } catch {
-          }
-        }
-      }
-    } catch (error) {
-      authLogger.error("Error clearing old sessionStorage data:", error);
-    }
-  }, "clearOldData");
-  const forceClearAll = /* @__PURE__ */ __name(() => {
-    try {
-      const keys = Object.keys(sessionStorage);
-      for (const key2 of keys) {
-        try {
-          sessionStorage.removeItem(key2);
-        } catch {
-        }
-      }
-    } catch (error) {
-      authLogger.error("Error force clearing sessionStorage:", error);
-    }
-  }, "forceClearAll");
-  const setValue = /* @__PURE__ */ __name((value) => {
-    try {
-      const valueToStore = value instanceof Function ? value(storedValue) : value;
-      if (!checkDataSize(valueToStore)) {
-        authLogger.warn(`Data size too large for key "${key}", removing key`);
-        try {
-          window.sessionStorage.removeItem(key);
-          window.sessionStorage.removeItem(`${key}_timestamp`);
-        } catch {
-        }
-        setStoredValue(valueToStore);
-        return;
-      }
-      setStoredValue(valueToStore);
-      if (typeof window !== "undefined") {
-        try {
-          window.sessionStorage.setItem(key, JSON.stringify(valueToStore));
-          window.sessionStorage.setItem(`${key}_timestamp`, Date.now().toString());
-        } catch (storageError) {
-          if (storageError.name === "QuotaExceededError" || storageError.code === 22 || storageError.message?.includes("quota")) {
-            authLogger.warn("sessionStorage quota exceeded, clearing old data...");
-            clearOldData();
-            try {
-              window.sessionStorage.setItem(key, JSON.stringify(valueToStore));
-              window.sessionStorage.setItem(`${key}_timestamp`, Date.now().toString());
-            } catch (retryError) {
-              authLogger.error(`Failed to set sessionStorage key "${key}" after clearing old data:`, retryError);
-              try {
-                forceClearAll();
-                window.sessionStorage.setItem(key, JSON.stringify(valueToStore));
-                window.sessionStorage.setItem(`${key}_timestamp`, Date.now().toString());
-              } catch (finalError) {
-                authLogger.error(`Failed to set sessionStorage key "${key}" after force clearing:`, finalError);
-                setStoredValue(valueToStore);
-              }
-            }
-          } else {
-            throw storageError;
-          }
-        }
-      }
-    } catch (error) {
-      authLogger.error(`Error setting sessionStorage key "${key}":`, error);
-      const valueToStore = value instanceof Function ? value(storedValue) : value;
-      setStoredValue(valueToStore);
-    }
-  }, "setValue");
-  const removeValue = /* @__PURE__ */ __name(() => {
-    try {
-      setStoredValue(initialValue);
-      if (typeof window !== "undefined") {
-        try {
-          window.sessionStorage.removeItem(key);
-          window.sessionStorage.removeItem(`${key}_timestamp`);
-        } catch (removeError) {
-          if (removeError.name === "QuotaExceededError" || removeError.code === 22 || removeError.message?.includes("quota")) {
-            authLogger.warn("sessionStorage quota exceeded during removal, clearing old data...");
-            clearOldData();
-            try {
-              window.sessionStorage.removeItem(key);
-              window.sessionStorage.removeItem(`${key}_timestamp`);
-            } catch (retryError) {
-              authLogger.error(`Failed to remove sessionStorage key "${key}" after clearing:`, retryError);
-              forceClearAll();
-            }
-          } else {
-            throw removeError;
-          }
-        }
-      }
-    } catch (error) {
-      authLogger.error(`Error removing sessionStorage key "${key}":`, error);
-    }
-  }, "removeValue");
-  return [storedValue, setValue, removeValue];
-}
-__name(useSessionStorage, "useSessionStorage");
-
-// src/auth/hooks/useAuthRedirect.ts
-var AUTH_REDIRECT_KEY = "auth_redirect_url";
-var useAuthRedirectManager = /* @__PURE__ */ __name((options = {}) => {
-  const { fallbackUrl = "/dashboard", clearOnUse = true } = options;
-  const [redirectUrl, setRedirectUrl, removeRedirectUrl] = useSessionStorage(AUTH_REDIRECT_KEY, "");
-  const setRedirect = /* @__PURE__ */ __name((url) => {
-    setRedirectUrl(url);
-  }, "setRedirect");
-  const getRedirect = /* @__PURE__ */ __name(() => {
-    return redirectUrl;
-  }, "getRedirect");
-  const clearRedirect = /* @__PURE__ */ __name(() => {
-    removeRedirectUrl();
-  }, "clearRedirect");
-  const hasRedirect = /* @__PURE__ */ __name(() => {
-    return redirectUrl.length > 0;
-  }, "hasRedirect");
-  const getFinalRedirectUrl = /* @__PURE__ */ __name(() => {
-    return redirectUrl || fallbackUrl;
-  }, "getFinalRedirectUrl");
-  const useAndClearRedirect = /* @__PURE__ */ __name(() => {
-    const finalUrl = getFinalRedirectUrl();
-    if (clearOnUse) {
-      clearRedirect();
-    }
-    return finalUrl;
-  }, "useAndClearRedirect");
-  return {
-    redirectUrl,
-    setRedirect,
-    getRedirect,
-    clearRedirect,
-    hasRedirect,
-    getFinalRedirectUrl,
-    useAndClearRedirect
-  };
-}, "useAuthRedirectManager");
-
 // src/auth/hooks/useAuthGuard.ts
-import { useEffect as useEffect3 } from "react";
+import { useEffect as useEffect3, useState as useState4 } from "react";
 import { useCfgRouter as useCfgRouter2 } from "@djangocfg/ui-nextjs/hooks";
 var useAuthGuard = /* @__PURE__ */ __name((options = {}) => {
-  const { redirectTo = "/auth", requireAuth = true } = options;
-  const { isAuthenticated, isLoading } = useAuth();
+  const { redirectTo = "/auth", requireAuth = true, saveRedirectUrl: shouldSaveUrl = true } = options;
+  const { isAuthenticated, isLoading, saveRedirectUrl } = useAuth();
   const router = useCfgRouter2();
+  const [isRedirecting, setIsRedirecting] = useState4(false);
   useEffect3(() => {
-    if (!isLoading && requireAuth && !isAuthenticated) {
+    if (!isLoading && requireAuth && !isAuthenticated && !isRedirecting) {
+      if (shouldSaveUrl && typeof window !== "undefined") {
+        const currentUrl = window.location.pathname + window.location.search;
+        saveRedirectUrl(currentUrl);
+      }
+      setIsRedirecting(true);
       router.push(redirectTo);
     }
-  }, [isAuthenticated, isLoading, router, redirectTo, requireAuth]);
-  return { isAuthenticated, isLoading };
+  }, [isAuthenticated, isLoading, router, redirectTo, requireAuth, isRedirecting, shouldSaveUrl, saveRedirectUrl]);
+  return { isAuthenticated, isLoading, isRedirecting };
 }, "useAuthGuard");
 
 // src/auth/hooks/useLocalStorage.ts
-import { useState as useState4 } from "react";
+import { useState as useState5 } from "react";
 function useLocalStorage2(key, initialValue) {
-  const [storedValue, setStoredValue] = useState4(() => {
+  const [storedValue, setStoredValue] = useState5(() => {
     if (typeof window === "undefined") {
       return initialValue;
     }
@@ -4635,48 +4653,51 @@ function useLocalStorage2(key, initialValue) {
 __name(useLocalStorage2, "useLocalStorage");
 
 // src/auth/hooks/useAuthForm.ts
-import { useCallback as useCallback3, useEffect as useEffect6, useState as useState5 } from "react";
+import { useCallback as useCallback3, useEffect as useEffect6, useState as useState6 } from "react";
 
 // src/auth/hooks/useAutoAuth.ts
 import { usePathname as usePathname2 } from "next/navigation";
 import { useEffect as useEffect5 } from "react";
 import { useCfgRouter as useCfgRouter3, useQueryParams as useQueryParams2 } from "@djangocfg/ui-nextjs/hooks";
 var useAutoAuth = /* @__PURE__ */ __name((options = {}) => {
-  const { onOTPDetected, cleanupUrl = true } = options;
+  const { onOTPDetected, cleanupUrl = true, allowedPaths = ["/auth"] } = options;
   const queryParams = useQueryParams2();
   const pathname = usePathname2();
   const router = useCfgRouter3();
-  const isReady = !!pathname && !!queryParams.get("otp");
+  const isAllowedPath = allowedPaths.some((path) => pathname === path || pathname?.startsWith(path + "/"));
   const hasOTP = !!queryParams.get("otp");
+  const isReady = !!pathname && hasOTP && isAllowedPath;
   useEffect5(() => {
     if (!isReady) return;
     const queryOtp = queryParams.get("otp");
     if (queryOtp && typeof queryOtp === "string" && queryOtp.length === 6) {
-      authLogger.info("OTP detected in URL:", queryOtp);
+      authLogger.info("OTP detected in URL on auth page:", queryOtp);
       onOTPDetected?.(queryOtp);
     }
     if (cleanupUrl && queryOtp) {
       const cleanQuery = Object.fromEntries(queryParams.entries());
       delete cleanQuery.otp;
-      router.push(`${pathname}?${new URLSearchParams(cleanQuery).toString()}`);
+      const queryString = new URLSearchParams(cleanQuery).toString();
+      router.push(queryString ? `${pathname}?${queryString}` : pathname);
     }
-  }, [pathname, queryParams, onOTPDetected, cleanupUrl, router]);
+  }, [pathname, queryParams, onOTPDetected, cleanupUrl, router, isReady]);
   return {
     isReady,
-    hasOTP
+    hasOTP,
+    isAllowedPath
   };
 }, "useAutoAuth");
 
 // src/auth/hooks/useAuthForm.ts
 var useAuthForm = /* @__PURE__ */ __name((options) => {
-  const { onIdentifierSuccess, onOTPSuccess, onError, sourceUrl, redirectUrl, requireTermsAcceptance = false } = options;
-  const [identifier, setIdentifier] = useState5("");
-  const [channel, setChannel] = useState5("email");
-  const [otp, setOtp] = useState5("");
-  const [isLoading, setIsLoading] = useState5(false);
-  const [acceptedTerms, setAcceptedTerms] = useState5(false);
-  const [step, setStep] = useState5("identifier");
-  const [error, setError] = useState5("");
+  const { onIdentifierSuccess, onOTPSuccess, onError, sourceUrl, redirectUrl, requireTermsAcceptance = false, authPath = "/auth" } = options;
+  const [identifier, setIdentifier] = useState6("");
+  const [channel, setChannel] = useState6("email");
+  const [otp, setOtp] = useState6("");
+  const [isLoading, setIsLoading] = useState6(false);
+  const [acceptedTerms, setAcceptedTerms] = useState6(false);
+  const [step, setStep] = useState6("identifier");
+  const [error, setError] = useState6("");
   const { requestOTP, verifyOTP, getSavedEmail, saveEmail, getSavedPhone, savePhone } = useAuth();
   const [savedTermsAccepted, setSavedTermsAccepted] = useLocalStorage2("auth_terms_accepted", false);
   const [savedEmail, setSavedEmail] = useLocalStorage2("auth_email", "");
@@ -4843,6 +4864,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
     setSavedTermsAccepted(checked);
   }, [setSavedTermsAccepted]);
   useAutoAuth({
+    allowedPaths: [authPath],
     onOTPDetected: /* @__PURE__ */ __name((otp2) => {
       authLogger.info("OTP detected, auto-submitting");
       const savedEmail2 = getSavedEmail();
@@ -4893,7 +4915,7 @@ var useAuthForm = /* @__PURE__ */ __name((options) => {
 }, "useAuthForm");
 
 // src/auth/hooks/useGithubAuth.ts
-import { useCallback as useCallback4, useState as useState6 } from "react";
+import { useCallback as useCallback4, useState as useState7 } from "react";
 import { useCfgRouter as useCfgRouter4 } from "@djangocfg/ui-nextjs/hooks";
 
 // src/generated/cfg_webpush/_utils/hooks/webpush__web_push.ts
@@ -4924,8 +4946,8 @@ var apiCentrifugo = new API2(apiUrl2, { storage });
 var useGithubAuth = /* @__PURE__ */ __name((options = {}) => {
   const { sourceUrl, onSuccess, onError, redirectUrl } = options;
   const router = useCfgRouter4();
-  const [isLoading, setIsLoading] = useState6(false);
-  const [error, setError] = useState6(null);
+  const [isLoading, setIsLoading] = useState7(false);
+  const [error, setError] = useState7(null);
   const startGithubAuth = useCallback4(async () => {
     setIsLoading(true);
     setError(null);