@go-mondo/nextjs-auth 0.1.0

package/dist/client.d.ts

@@ -0,0 +1,201 @@
+import { G as GetAccessTokenOptions, A as AccessTokenResult } from './access-token-UIlXwi3X.js';
+import { SessionOptions, Session } from './session.js';
+import { PartialConfig } from './config.js';
+import { OverrideAuthorizationParams } from './oauth.js';
+import { C as Claims } from './types-CbrOw4QQ.js';
+import 'zod';
+
+interface CallbackOptions {
+    /**
+     * Additional parameters sent to the token endpoint during code exchange.
+     */
+    tokenParameters?: URLSearchParams | Record<string, string>;
+}
+
+type AuthorizationParams = OverrideAuthorizationParams;
+interface LoginOptions {
+    /**
+     * Override the default authorization parameters for this login request.
+     */
+    authorization?: Partial<AuthorizationParams>;
+    /**
+     * URL to return to after login. Overrides the default in {@link BaseConfig.baseURL}.
+     */
+    returnTo?: string;
+}
+
+/**
+ * Options for clearing the local session and choosing the post-logout redirect.
+ */
+interface LogoutOptions {
+    /**
+     * Application path to return to after logout.
+     */
+    returnTo?: string;
+    /**
+     * If set to `true`, the logout will also log out the user from the identity provider.
+     * This is useful for Single Sign Out (SSO) scenarios.
+     * If set to `false`, the user will only be logged out from the application.
+     * Defaults to `false`.
+     */
+    singleLogOut?: boolean;
+}
+
+interface AccessTokenOptions extends GetAccessTokenOptions {
+    /**
+     * Optional projection applied before the route returns JSON.
+     */
+    transform?: (token: AccessTokenResult) => unknown;
+}
+
+/**
+ * Route-level options used by {@link MondoAuthClient.handleAuth}.
+ *
+ * Each property customizes the matching built-in route while keeping the same
+ * default route mounting behavior.
+ */
+type HandleAuthOptions<UserClaims extends Claims = Claims> = {
+    /** Options applied to the login route. */
+    login?: LoginOptions;
+    /** Options applied to the callback route. */
+    callback?: CallbackOptions;
+    /** Options applied to the logout route. */
+    logout?: LogoutOptions;
+    /** Options applied to the session JSON route. */
+    session?: SessionOptions<UserClaims>;
+    /** Options applied to the access-token JSON route. */
+    accessToken?: AccessTokenOptions;
+};
+/**
+ * Options for protecting requests from Next.js `proxy.ts`.
+ */
+type ProxyOptions = {
+    /**
+     * Paths that should pass through without an authenticated session.
+     */
+    publicPaths?: Array<string | RegExp>;
+    /**
+     * A route-specific return URL override for unauthenticated redirects.
+     */
+    returnTo?: string | ((request: Request) => string | Promise<string>);
+};
+/**
+ * Modern entry point for applications. Create one instance in `src/lib/auth.ts`,
+ * then reuse it from route handlers, server code, and `proxy.ts`.
+ *
+ * @typeParam UserClaims - App-specific claims expected on `session.user`.
+ */
+declare class MondoAuthClient<UserClaims extends Claims = Claims> {
+    private readonly instance;
+    /**
+     * Creates a client and validates configuration immediately.
+     *
+     * @param config - Optional explicit config. Environment variables provide the
+     * remaining values.
+     */
+    constructor(config?: PartialConfig);
+    /**
+     * Validated auth configuration used by this client.
+     */
+    get config(): {
+        authorization: {
+            [x: string]: string | number | boolean;
+            response_type: "code";
+            scope: string;
+            response_mode: "query" | "form_post";
+            audience?: string | undefined;
+            display?: "page" | "popup" | "touch" | "wap" | undefined;
+            prompt?: "none" | "login" | "consent" | "select_account" | undefined;
+            max_age?: number | undefined;
+            ui_locales?: string | undefined;
+            id_token_hint?: string | undefined;
+            login_hint?: string | undefined;
+            acr_values?: string | undefined;
+        };
+        baseURL: string;
+        clientId: string;
+        clientSecret: string;
+        issuerBaseURL: string;
+        secret: string | string[];
+        session: {
+            name: string;
+            idleDuration: number | false;
+            absoluteDuration: number | false;
+            cookie: {
+                path: string;
+                httpOnly: boolean;
+                sameSite: "none" | "lax" | "strict";
+                secure: boolean;
+                domain?: string | undefined;
+            };
+        };
+        routes: {
+            login: string;
+            callback: string;
+            logout: string;
+            session: string;
+            accessToken: string;
+            postLogoutRedirect: string;
+        };
+        transaction: {
+            name: string;
+            cookie: {
+                sameSite: "none" | "lax" | "strict";
+                path: string;
+                domain?: string | undefined;
+                secure?: boolean | undefined;
+            };
+        };
+    };
+    /**
+     * Returns one route handler that serves all configured auth routes.
+     *
+     * Mount this from a catch-all route such as
+     * `src/app/auth/[...auth]/route.ts`.
+     */
+    handleAuth(options?: HandleAuthOptions<UserClaims>): (request: Request) => Promise<Response>;
+    /**
+     * Creates a route handler that starts the OIDC login redirect.
+     */
+    handleLogin(options?: LoginOptions): (req: Request) => Promise<Response>;
+    /**
+     * Creates a route handler that completes the OIDC callback.
+     */
+    handleCallback(options?: CallbackOptions): (req: Request) => Promise<Response>;
+    /**
+     * Creates a route handler that clears the local session.
+     */
+    handleLogout(options?: LogoutOptions): (req: Request) => Promise<Response>;
+    /**
+     * Creates a route handler that returns the current session as JSON.
+     */
+    handleSession(options?: SessionOptions<UserClaims>): (_req: Request) => Promise<Response>;
+    /**
+     * Creates a route handler that returns or refreshes the current access token.
+     */
+    handleAccessToken(options?: AccessTokenOptions): (req: Request) => Promise<Response>;
+    /**
+     * Reads the current sealed-cookie session in server code.
+     */
+    getSession: () => Promise<Session<UserClaims> | undefined>;
+    /**
+     * Returns the current access token, refreshing with the stored refresh token
+     * when the token is expired or missing required scopes.
+     */
+    getAccessToken: (options?: GetAccessTokenOptions) => Promise<AccessTokenResult>;
+    /**
+     * Drop this into `proxy.ts` to protect matched routes and keep idle sessions
+     * fresh at the request boundary.
+     */
+    proxy: (request: Request, options?: ProxyOptions) => Promise<Response | undefined>;
+}
+/**
+ * Creates a configured Mondo auth client.
+ *
+ * @typeParam UserClaims - App-specific claims expected on `session.user`.
+ * @param config - Optional explicit config. Environment variables provide the
+ * remaining values.
+ */
+declare function createAuth<UserClaims extends Claims = Claims>(config?: PartialConfig): MondoAuthClient<UserClaims>;
+
+export { type HandleAuthOptions, MondoAuthClient, type ProxyOptions, createAuth };