@imtbl/auth-next-server 2.12.7-alpha.8 → 2.12.7

package/README.md

@@ -30,6 +30,16 @@ yarn add @imtbl/auth-next-server next-auth@5
 - `next` >= 14.0.0
 - `next-auth` >= 5.0.0-beta.25
 
+### Next.js 14 Compatibility
+
+This package is compatible with both Next.js 14 and 15. It uses only standard APIs available in both versions:
+
+- `next/server`: `NextRequest`, `NextResponse` (middleware)
+- `next/navigation`: `redirect` (Server Components)
+- NextAuth v5 with App Router
+
+No Next.js 15-only APIs are used (e.g. async `headers()`/`cookies()`, `unstable_after`).
+
 ## Quick Start
 
 ### 1. Create Auth Configuration
@@ -69,19 +79,55 @@ NEXT_PUBLIC_BASE_URL=http://localhost:3000
 AUTH_SECRET=your-secret-key-min-32-characters
 ```
 
+## Default Auth (Zero Config)
+
+Policy: **provide nothing → full sandbox; provide config → provide everything.**
+
+With no configuration, `createAuthConfig()` uses sandbox defaults:
+- `clientId`: sandbox (public Immutable client ID)
+- `redirectUri`: from `window.location.origin + '/callback'` (path only on server)
+
+When providing config, pass `clientId` and `redirectUri` (and optionally `audience`, `scope`, `authenticationDomain`) to avoid conflicts.
+
+```typescript
+// lib/auth.ts
+import NextAuth from "next-auth";
+import { createAuthConfig } from "@imtbl/auth-next-server";
+
+// Zero config - only AUTH_SECRET required in .env
+export const { handlers, auth, signIn, signOut } = NextAuth(createAuthConfig());
+```
+
+With partial overrides:
+
+```typescript
+// With config - provide clientId and redirectUri
+export const { handlers, auth, signIn, signOut } = NextAuth(
+  createAuthConfig({
+    clientId: process.env.NEXT_PUBLIC_IMMUTABLE_CLIENT_ID!,
+    redirectUri: `${process.env.NEXT_PUBLIC_BASE_URL}/callback`,
+  }),
+);
+```
+
+> **Note:** Default auth uses public Immutable client IDs. For production apps, use your own client ID from Immutable Hub.
+
 ## Configuration
 
-### `createAuthConfig(config)`
+### `createAuthConfig(config?)`
 
-Creates an Auth.js v5 configuration object for Immutable authentication. You pass this to `NextAuth()` to create your auth instance.
+Creates an Auth.js v5 configuration object for Immutable authentication. Config is optional—when omitted, sensible defaults are used. Pass this to `NextAuth()` to create your auth instance.
 
 ```typescript
 import NextAuth from "next-auth";
 import { createAuthConfig } from "@imtbl/auth-next-server";
 
+// Zero config
+const { handlers, auth, signIn, signOut } = NextAuth(createAuthConfig());
+
+// Or with custom config
 const { handlers, auth, signIn, signOut } = NextAuth(
   createAuthConfig({
-    // Required
     clientId: "your-client-id",
     redirectUri: "https://your-app.com/callback",
 
@@ -97,8 +143,8 @@ const { handlers, auth, signIn, signOut } = NextAuth(
 
 | Option                 | Type     | Required | Description                                                              |
 | ---------------------- | -------- | -------- | ------------------------------------------------------------------------ |
-| `clientId`             | `string` | Yes      | Your Immutable application client ID                                     |
-| `redirectUri`          | `string` | Yes      | OAuth redirect URI configured in Immutable Hub                           |
+| `clientId`             | `string` | Yes*     | Your Immutable application client ID (*required when config is provided) |
+| `redirectUri`          | `string` | Yes*     | OAuth redirect URI (*required when config is provided)                   |
 | `audience`             | `string` | No       | OAuth audience (default: `"platform_api"`)                               |
 | `scope`                | `string` | No       | OAuth scopes (default: `"openid profile email offline_access transact"`) |
 | `authenticationDomain` | `string` | No       | Auth domain (default: `"https://auth.immutable.com"`)                    |

package/dist/node/index.cjs

@@ -30,7 +30,17 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
+  DEFAULT_AUDIENCE: () => DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN: () => DEFAULT_AUTH_DOMAIN,
+  DEFAULT_LOGOUT_REDIRECT_URI_PATH: () => DEFAULT_LOGOUT_REDIRECT_URI_PATH,
+  DEFAULT_NEXTAUTH_BASE_PATH: () => DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_REDIRECT_URI_PATH: () => DEFAULT_REDIRECT_URI_PATH,
+  DEFAULT_SANDBOX_CLIENT_ID: () => DEFAULT_SANDBOX_CLIENT_ID,
+  DEFAULT_SCOPE: () => DEFAULT_SCOPE,
+  DEFAULT_TOKEN_EXPIRY_MS: () => DEFAULT_TOKEN_EXPIRY_MS,
+  IMMUTABLE_PROVIDER_ID: () => IMMUTABLE_PROVIDER_ID,
   NextAuth: () => import_next_auth.default,
+  TOKEN_EXPIRY_BUFFER_MS: () => TOKEN_EXPIRY_BUFFER_MS,
   createAuthConfig: () => createAuthConfig,
   createAuthMiddleware: () => createAuthMiddleware,
   createAuthOptions: () => createAuthOptions,
@@ -64,11 +74,18 @@ var import_jwt = require("next-auth/jwt");
 
 // src/constants.ts
 var DEFAULT_AUTH_DOMAIN = "https://auth.immutable.com";
+var DEFAULT_AUDIENCE = "platform_api";
+var DEFAULT_SCOPE = "openid profile email offline_access transact";
 var IMMUTABLE_PROVIDER_ID = "immutable";
+var DEFAULT_NEXTAUTH_BASE_PATH = "/api/auth";
 var DEFAULT_TOKEN_EXPIRY_SECONDS = 900;
 var DEFAULT_TOKEN_EXPIRY_MS = DEFAULT_TOKEN_EXPIRY_SECONDS * 1e3;
 var TOKEN_EXPIRY_BUFFER_SECONDS = 60;
+var TOKEN_EXPIRY_BUFFER_MS = TOKEN_EXPIRY_BUFFER_SECONDS * 1e3;
 var DEFAULT_SESSION_MAX_AGE_SECONDS = 365 * 24 * 60 * 60;
+var DEFAULT_SANDBOX_CLIENT_ID = "mjtCL8mt06BtbxSkp2vbrYStKWnXVZfo";
+var DEFAULT_REDIRECT_URI_PATH = "/callback";
+var DEFAULT_LOGOUT_REDIRECT_URI_PATH = "/";
 
 // src/refresh.ts
 function isTokenExpired(accessTokenExpires, bufferSeconds = TOKEN_EXPIRY_BUFFER_SECONDS) {
@@ -168,8 +185,19 @@ async function validateTokens(accessToken, authDomain) {
     return null;
   }
 }
+function resolveDefaultRedirectUri() {
+  const origin = process.env.__NEXT_PRIVATE_ORIGIN;
+  if (origin) {
+    return new URL(DEFAULT_REDIRECT_URI_PATH, origin).href;
+  }
+  return DEFAULT_REDIRECT_URI_PATH;
+}
 function createAuthConfig(config) {
-  const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
+  const resolvedConfig = config ?? {
+    clientId: DEFAULT_SANDBOX_CLIENT_ID,
+    redirectUri: resolveDefaultRedirectUri()
+  };
+  const authDomain = resolvedConfig.authenticationDomain || DEFAULT_AUTH_DOMAIN;
   return {
     // Custom jwt.encode: strip idToken from the cookie to reduce size and avoid
     // CloudFront 413 "Request Entity Too Large" errors. The idToken (~1-2 KB) is
@@ -265,7 +293,7 @@ function createAuthConfig(config) {
               try {
                 const refreshed = await refreshAccessToken(
                   token.refreshToken,
-                  config.clientId,
+                  resolvedConfig.clientId,
                   authDomain
                 );
                 const zkEvm = extractZkEvmFromIdToken(refreshed.idToken);
@@ -305,7 +333,7 @@ function createAuthConfig(config) {
             try {
               const refreshed = await refreshAccessToken(
                 token.refreshToken,
-                config.clientId,
+                resolvedConfig.clientId,
                 authDomain
               );
               const zkEvm = extractZkEvmFromIdToken(refreshed.idToken);
@@ -509,7 +537,17 @@ function withAuth(auth, handler) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN,
+  DEFAULT_LOGOUT_REDIRECT_URI_PATH,
+  DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_REDIRECT_URI_PATH,
+  DEFAULT_SANDBOX_CLIENT_ID,
+  DEFAULT_SCOPE,
+  DEFAULT_TOKEN_EXPIRY_MS,
+  IMMUTABLE_PROVIDER_ID,
   NextAuth,
+  TOKEN_EXPIRY_BUFFER_MS,
   createAuthConfig,
   createAuthMiddleware,
   createAuthOptions,

package/dist/node/index.js

@@ -17,11 +17,18 @@ import { encode as encodeImport } from "next-auth/jwt";
 
 // src/constants.ts
 var DEFAULT_AUTH_DOMAIN = "https://auth.immutable.com";
+var DEFAULT_AUDIENCE = "platform_api";
+var DEFAULT_SCOPE = "openid profile email offline_access transact";
 var IMMUTABLE_PROVIDER_ID = "immutable";
+var DEFAULT_NEXTAUTH_BASE_PATH = "/api/auth";
 var DEFAULT_TOKEN_EXPIRY_SECONDS = 900;
 var DEFAULT_TOKEN_EXPIRY_MS = DEFAULT_TOKEN_EXPIRY_SECONDS * 1e3;
 var TOKEN_EXPIRY_BUFFER_SECONDS = 60;
+var TOKEN_EXPIRY_BUFFER_MS = TOKEN_EXPIRY_BUFFER_SECONDS * 1e3;
 var DEFAULT_SESSION_MAX_AGE_SECONDS = 365 * 24 * 60 * 60;
+var DEFAULT_SANDBOX_CLIENT_ID = "mjtCL8mt06BtbxSkp2vbrYStKWnXVZfo";
+var DEFAULT_REDIRECT_URI_PATH = "/callback";
+var DEFAULT_LOGOUT_REDIRECT_URI_PATH = "/";
 
 // src/refresh.ts
 function isTokenExpired(accessTokenExpires, bufferSeconds = TOKEN_EXPIRY_BUFFER_SECONDS) {
@@ -121,8 +128,19 @@ async function validateTokens(accessToken, authDomain) {
     return null;
   }
 }
+function resolveDefaultRedirectUri() {
+  const origin = process.env.__NEXT_PRIVATE_ORIGIN;
+  if (origin) {
+    return new URL(DEFAULT_REDIRECT_URI_PATH, origin).href;
+  }
+  return DEFAULT_REDIRECT_URI_PATH;
+}
 function createAuthConfig(config) {
-  const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
+  const resolvedConfig = config ?? {
+    clientId: DEFAULT_SANDBOX_CLIENT_ID,
+    redirectUri: resolveDefaultRedirectUri()
+  };
+  const authDomain = resolvedConfig.authenticationDomain || DEFAULT_AUTH_DOMAIN;
   return {
     // Custom jwt.encode: strip idToken from the cookie to reduce size and avoid
     // CloudFront 413 "Request Entity Too Large" errors. The idToken (~1-2 KB) is
@@ -218,7 +236,7 @@ function createAuthConfig(config) {
               try {
                 const refreshed = await refreshAccessToken(
                   token.refreshToken,
-                  config.clientId,
+                  resolvedConfig.clientId,
                   authDomain
                 );
                 const zkEvm = extractZkEvmFromIdToken(refreshed.idToken);
@@ -258,7 +276,7 @@ function createAuthConfig(config) {
             try {
               const refreshed = await refreshAccessToken(
                 token.refreshToken,
-                config.clientId,
+                resolvedConfig.clientId,
                 authDomain
               );
               const zkEvm = extractZkEvmFromIdToken(refreshed.idToken);
@@ -461,7 +479,17 @@ function withAuth(auth, handler) {
   };
 }
 export {
+  DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN,
+  DEFAULT_LOGOUT_REDIRECT_URI_PATH,
+  DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_REDIRECT_URI_PATH,
+  DEFAULT_SANDBOX_CLIENT_ID,
+  DEFAULT_SCOPE,
+  DEFAULT_TOKEN_EXPIRY_MS,
+  IMMUTABLE_PROVIDER_ID,
   default2 as NextAuth,
+  TOKEN_EXPIRY_BUFFER_MS,
   createAuthConfig,
   createAuthMiddleware,
   createAuthOptions,

package/dist/types/config.d.ts

@@ -1,21 +1,34 @@
 import type { NextAuthConfig } from 'next-auth';
 import type { ImmutableAuthConfig } from './types';
 /**
- * Create Auth.js v5 configuration for Immutable authentication
+ * Create Auth.js v5 configuration for Immutable authentication.
+ *
+ * Policy: provide nothing → full sandbox config; provide config → provide everything.
+ * - Zero config: sandbox clientId, auto-derived redirectUri. No conflicts.
+ * - With config: clientId and redirectUri required. Pass full config to avoid conflicts.
+ *
+ * @param config - Optional. When omitted, uses sandbox defaults. When provided, clientId and redirectUri are required.
+ *
+ * @example
+ * ```typescript
+ * // Zero config - sandbox, only AUTH_SECRET required in .env
+ * import NextAuth from "next-auth";
+ * import { createAuthConfig } from "@imtbl/auth-next-server";
+ *
+ * export const { handlers, auth, signIn, signOut } = NextAuth(createAuthConfig());
+ * ```
  *
  * @example
  * ```typescript
- * // lib/auth.ts
+ * // With config - provide clientId and redirectUri (and optionally audience, scope, authenticationDomain)
  * import NextAuth from "next-auth";
  * import { createAuthConfig } from "@imtbl/auth-next-server";
  *
- * const config = {
+ * export const { handlers, auth, signIn, signOut } = NextAuth(createAuthConfig({
  *   clientId: process.env.NEXT_PUBLIC_IMMUTABLE_CLIENT_ID!,
  *   redirectUri: `${process.env.NEXT_PUBLIC_BASE_URL}/callback`,
- * };
- *
- * export const { handlers, auth, signIn, signOut } = NextAuth(createAuthConfig(config));
+ * }));
  * ```
  */
-export declare function createAuthConfig(config: ImmutableAuthConfig): NextAuthConfig;
+export declare function createAuthConfig(config?: ImmutableAuthConfig): NextAuthConfig;
 export declare const createAuthOptions: typeof createAuthConfig;

package/dist/types/constants.d.ts

@@ -35,8 +35,25 @@ export declare const DEFAULT_TOKEN_EXPIRY_MS: number;
  * Tokens will be refreshed when they expire within this window
  */
 export declare const TOKEN_EXPIRY_BUFFER_SECONDS = 60;
+/**
+ * Buffer time in milliseconds before token expiry to trigger refresh.
+ * Used by auth-next-client for client-side refresh timing.
+ */
+export declare const TOKEN_EXPIRY_BUFFER_MS: number;
 /**
  * Default session max age in seconds (365 days)
  * This is how long the NextAuth session cookie will be valid
  */
 export declare const DEFAULT_SESSION_MAX_AGE_SECONDS: number;
+/**
+ * Sandbox client ID for auth-next zero-config.
+ */
+export declare const DEFAULT_SANDBOX_CLIENT_ID = "mjtCL8mt06BtbxSkp2vbrYStKWnXVZfo";
+/**
+ * Default redirect URI path for sandbox zero-config.
+ */
+export declare const DEFAULT_REDIRECT_URI_PATH = "/callback";
+/**
+ * Default logout redirect URI path
+ */
+export declare const DEFAULT_LOGOUT_REDIRECT_URI_PATH = "/";

package/dist/types/index.d.ts

@@ -23,6 +23,7 @@ import { type NextRequest, NextResponse } from 'next/server';
 export { default as NextAuth } from 'next-auth';
 export { createAuthConfig, createAuthOptions } from './config';
 export { isTokenExpired, refreshAccessToken, extractZkEvmFromIdToken, type RefreshedTokens, type ZkEvmData, } from './refresh';
+export { DEFAULT_AUTH_DOMAIN, DEFAULT_AUDIENCE, DEFAULT_SCOPE, IMMUTABLE_PROVIDER_ID, DEFAULT_NEXTAUTH_BASE_PATH, DEFAULT_SANDBOX_CLIENT_ID, DEFAULT_REDIRECT_URI_PATH, DEFAULT_LOGOUT_REDIRECT_URI_PATH, DEFAULT_TOKEN_EXPIRY_MS, TOKEN_EXPIRY_BUFFER_MS, } from './constants';
 export type { ImmutableAuthConfig, ImmutableTokenData, UserInfoResponse, ZkEvmUser, ImmutableUser, } from './types';
 /**
  * Result from getValidSession indicating auth state

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imtbl/auth-next-server",
-  "version": "2.12.7-alpha.8",
+  "version": "2.12.7",
   "description": "Immutable Auth.js v5 integration for Next.js - Server-side utilities",
   "author": "Immutable",
   "license": "Apache-2.0",
@@ -27,7 +27,7 @@
     }
   },
   "peerDependencies": {
-    "next": "^15.0.0",
+    "next": "^14.0.0 || ^15.0.0",
     "next-auth": "^5.0.0-beta.25"
   },
   "peerDependenciesMeta": {
@@ -45,7 +45,7 @@
     "@types/node": "^22.10.7",
     "eslint": "^8.56.0",
     "jest": "^29.7.0",
-    "next": "^15.1.6",
+    "next": "^15.2.6",
     "next-auth": "^5.0.0-beta.30",
     "tsup": "^8.3.0",
     "typescript": "^5.6.2"

package/src/config.ts

@@ -8,6 +8,8 @@ import type { ImmutableAuthConfig, ImmutableTokenData, UserInfoResponse } from '
 import { isTokenExpired, refreshAccessToken, extractZkEvmFromIdToken } from './refresh';
 import {
   DEFAULT_AUTH_DOMAIN,
+  DEFAULT_REDIRECT_URI_PATH,
+  DEFAULT_SANDBOX_CLIENT_ID,
   IMMUTABLE_PROVIDER_ID,
   DEFAULT_SESSION_MAX_AGE_SECONDS,
 } from './constants';
@@ -55,24 +57,54 @@ async function validateTokens(
 }
 
 /**
- * Create Auth.js v5 configuration for Immutable authentication
+ * Resolve redirect URI for zero-config mode.
+ * Uses __NEXT_PRIVATE_ORIGIN when available (Next.js internal), otherwise path-only.
+ */
+function resolveDefaultRedirectUri(): string {
+  // eslint-disable-next-line no-underscore-dangle -- Next.js internal env var
+  const origin = process.env.__NEXT_PRIVATE_ORIGIN;
+  if (origin) {
+    return new URL(DEFAULT_REDIRECT_URI_PATH, origin).href;
+  }
+  return DEFAULT_REDIRECT_URI_PATH;
+}
+
+/**
+ * Create Auth.js v5 configuration for Immutable authentication.
+ *
+ * Policy: provide nothing → full sandbox config; provide config → provide everything.
+ * - Zero config: sandbox clientId, auto-derived redirectUri. No conflicts.
+ * - With config: clientId and redirectUri required. Pass full config to avoid conflicts.
+ *
+ * @param config - Optional. When omitted, uses sandbox defaults. When provided, clientId and redirectUri are required.
  *
  * @example
  * ```typescript
- * // lib/auth.ts
+ * // Zero config - sandbox, only AUTH_SECRET required in .env
  * import NextAuth from "next-auth";
  * import { createAuthConfig } from "@imtbl/auth-next-server";
  *
- * const config = {
+ * export const { handlers, auth, signIn, signOut } = NextAuth(createAuthConfig());
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // With config - provide clientId and redirectUri (and optionally audience, scope, authenticationDomain)
+ * import NextAuth from "next-auth";
+ * import { createAuthConfig } from "@imtbl/auth-next-server";
+ *
+ * export const { handlers, auth, signIn, signOut } = NextAuth(createAuthConfig({
  *   clientId: process.env.NEXT_PUBLIC_IMMUTABLE_CLIENT_ID!,
  *   redirectUri: `${process.env.NEXT_PUBLIC_BASE_URL}/callback`,
- * };
- *
- * export const { handlers, auth, signIn, signOut } = NextAuth(createAuthConfig(config));
+ * }));
  * ```
  */
-export function createAuthConfig(config: ImmutableAuthConfig): NextAuthConfig {
-  const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
+export function createAuthConfig(config?: ImmutableAuthConfig): NextAuthConfig {
+  const resolvedConfig: ImmutableAuthConfig = config ?? {
+    clientId: DEFAULT_SANDBOX_CLIENT_ID,
+    redirectUri: resolveDefaultRedirectUri(),
+  };
+  const authDomain = resolvedConfig.authenticationDomain || DEFAULT_AUTH_DOMAIN;
 
   return {
     // Custom jwt.encode: strip idToken from the cookie to reduce size and avoid
@@ -85,7 +117,6 @@ export function createAuthConfig(config: ImmutableAuthConfig): NextAuthConfig {
       async encode(params) {
         const { token, ...rest } = params;
         if (token) {
-          // eslint-disable-next-line @typescript-eslint/no-unused-vars
           const { idToken, ...cookieToken } = token as Record<string, unknown>;
           return defaultJwtEncode({ ...rest, token: cookieToken });
         }
@@ -204,7 +235,7 @@ export function createAuthConfig(config: ImmutableAuthConfig): NextAuthConfig {
               try {
                 const refreshed = await refreshAccessToken(
                   token.refreshToken as string,
-                  config.clientId,
+                  resolvedConfig.clientId,
                   authDomain,
                 );
                 // Extract zkEvm claims from the refreshed idToken
@@ -219,7 +250,7 @@ export function createAuthConfig(config: ImmutableAuthConfig): NextAuthConfig {
                   error: undefined,
                 };
               } catch (error) {
-              // eslint-disable-next-line no-console
+                // eslint-disable-next-line no-console
                 console.error('[auth-next-server] Force refresh failed:', error);
                 return {
                   ...token,
@@ -252,7 +283,7 @@ export function createAuthConfig(config: ImmutableAuthConfig): NextAuthConfig {
             try {
               const refreshed = await refreshAccessToken(
                 token.refreshToken as string,
-                config.clientId,
+                resolvedConfig.clientId,
                 authDomain,
               );
               // Extract zkEvm claims from the refreshed idToken
@@ -267,7 +298,7 @@ export function createAuthConfig(config: ImmutableAuthConfig): NextAuthConfig {
                 error: undefined, // Clear any previous error
               };
             } catch (error) {
-            // eslint-disable-next-line no-console
+              // eslint-disable-next-line no-console
               console.error('[auth-next-server] Token refresh failed:', error);
               return {
                 ...token,

package/src/constants.ts

@@ -44,8 +44,29 @@ export const DEFAULT_TOKEN_EXPIRY_MS = DEFAULT_TOKEN_EXPIRY_SECONDS * 1000;
  */
 export const TOKEN_EXPIRY_BUFFER_SECONDS = 60;
 
+/**
+ * Buffer time in milliseconds before token expiry to trigger refresh.
+ * Used by auth-next-client for client-side refresh timing.
+ */
+export const TOKEN_EXPIRY_BUFFER_MS = TOKEN_EXPIRY_BUFFER_SECONDS * 1000;
+
 /**
  * Default session max age in seconds (365 days)
  * This is how long the NextAuth session cookie will be valid
  */
 export const DEFAULT_SESSION_MAX_AGE_SECONDS = 365 * 24 * 60 * 60;
+
+/**
+ * Sandbox client ID for auth-next zero-config.
+ */
+export const DEFAULT_SANDBOX_CLIENT_ID = 'mjtCL8mt06BtbxSkp2vbrYStKWnXVZfo';
+
+/**
+ * Default redirect URI path for sandbox zero-config.
+ */
+export const DEFAULT_REDIRECT_URI_PATH = '/callback';
+
+/**
+ * Default logout redirect URI path
+ */
+export const DEFAULT_LOGOUT_REDIRECT_URI_PATH = '/';

package/src/index.ts

@@ -45,6 +45,18 @@ export {
   type RefreshedTokens,
   type ZkEvmData,
 } from './refresh';
+export {
+  DEFAULT_AUTH_DOMAIN,
+  DEFAULT_AUDIENCE,
+  DEFAULT_SCOPE,
+  IMMUTABLE_PROVIDER_ID,
+  DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_SANDBOX_CLIENT_ID,
+  DEFAULT_REDIRECT_URI_PATH,
+  DEFAULT_LOGOUT_REDIRECT_URI_PATH,
+  DEFAULT_TOKEN_EXPIRY_MS,
+  TOKEN_EXPIRY_BUFFER_MS,
+} from './constants';
 
 // ============================================================================
 // Type exports