@imtbl/auth-nextjs 2.12.4-alpha.4 → 2.12.4-alpha.6

package/dist/node/client/index.js

@@ -16,7 +16,9 @@ import {
   signIn,
   signOut
 } from "next-auth/react";
-import { Auth } from "@imtbl/auth";
+import {
+  Auth
+} from "@imtbl/auth";
 
 // src/utils/token.ts
 import { decodeJwtPayload } from "@imtbl/auth";
@@ -161,11 +163,11 @@ function useImmutableAuth() {
     email: session.user.email,
     nickname: session.user.nickname
   } : null;
-  const handleSignIn = useCallback(async () => {
+  const handleSignIn = useCallback(async (options) => {
     if (!auth) {
       throw new Error("Auth not initialized");
     }
-    const authUser = await auth.login();
+    const authUser = await auth.login(options);
     if (!authUser) {
       throw new Error("Login failed");
     }
@@ -238,7 +240,7 @@ function useAccessToken() {
 
 // src/client/callback.tsx
 import { useEffect as useEffect2, useState as useState2, useRef as useRef2 } from "react";
-import { useRouter } from "next/router";
+import { useRouter, useSearchParams } from "next/navigation";
 import { signIn as signIn2 } from "next-auth/react";
 import { Auth as Auth2 } from "@imtbl/auth";
 import { jsx as jsx2, jsxs } from "react/jsx-runtime";
@@ -249,6 +251,7 @@ function CallbackPage({
   errorComponent
 }) {
   const router = useRouter();
+  const searchParams = useSearchParams();
   const [error, setError] = useState2(null);
   const callbackProcessedRef = useRef2(false);
   useEffect2(() => {
@@ -300,31 +303,20 @@ function CallbackPage({
       }
     };
     const handleOAuthError = () => {
-      const errorCode = router.query.error;
-      const errorDescription = router.query.error_description;
+      const errorCode = searchParams.get("error");
+      const errorDescription = searchParams.get("error_description");
       const errorMessage = errorDescription || errorCode || "Authentication failed";
       setError(errorMessage);
     };
-    if (!router.isReady) {
-      return;
-    }
-    if (router.query.error) {
+    if (searchParams.get("error")) {
       handleOAuthError();
       return;
     }
-    if (router.query.code && !callbackProcessedRef.current) {
+    if (searchParams.get("code") && !callbackProcessedRef.current) {
       callbackProcessedRef.current = true;
       handleCallback();
     }
-  }, [
-    router.isReady,
-    router.query.code,
-    router.query.error,
-    router.query.error_description,
-    router,
-    config,
-    redirectTo
-  ]);
+  }, [searchParams, router, config, redirectTo]);
   if (error) {
     if (errorComponent) {
       return errorComponent(error);
@@ -336,6 +328,7 @@ function CallbackPage({
         "button",
         {
           onClick: () => router.push("/"),
+          type: "button",
           style: {
             padding: "0.5rem 1rem",
             marginTop: "1rem",
@@ -351,9 +344,13 @@ function CallbackPage({
   }
   return /* @__PURE__ */ jsx2("div", { style: { padding: "2rem", textAlign: "center" }, children: /* @__PURE__ */ jsx2("p", { children: "Completing authentication..." }) });
 }
+
+// src/client/index.ts
+import { MarketingConsentStatus } from "@imtbl/auth";
 export {
   CallbackPage,
   ImmutableAuthProvider,
+  MarketingConsentStatus,
   useAccessToken,
   useImmutableAuth
 };

package/dist/node/index.cjs

@@ -30,7 +30,14 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
+  DEFAULT_AUDIENCE: () => DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN: () => DEFAULT_AUTH_DOMAIN,
+  DEFAULT_NEXTAUTH_BASE_PATH: () => DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_SCOPE: () => DEFAULT_SCOPE,
   ImmutableAuth: () => ImmutableAuth,
+  MarketingConsentStatus: () => import_auth.MarketingConsentStatus,
+  createAuthConfig: () => createAuthConfig,
+  createImmutableAuth: () => createImmutableAuth,
   isTokenExpired: () => isTokenExpired,
   refreshAccessToken: () => refreshAccessToken
 });
@@ -42,7 +49,10 @@ var import_credentials = __toESM(require("next-auth/providers/credentials"), 1);
 
 // src/constants.ts
 var DEFAULT_AUTH_DOMAIN = "https://auth.immutable.com";
+var DEFAULT_AUDIENCE = "platform_api";
+var DEFAULT_SCOPE = "openid profile email offline_access transact";
 var IMMUTABLE_PROVIDER_ID = "immutable";
+var DEFAULT_NEXTAUTH_BASE_PATH = "/api/auth";
 var DEFAULT_TOKEN_EXPIRY_SECONDS = 900;
 var DEFAULT_TOKEN_EXPIRY_MS = DEFAULT_TOKEN_EXPIRY_SECONDS * 1e3;
 var TOKEN_EXPIRY_BUFFER_SECONDS = 60;
@@ -110,7 +120,7 @@ function isTokenExpired(accessTokenExpires, bufferSeconds = TOKEN_EXPIRY_BUFFER_
 }
 
 // src/config.ts
-var CredentialsProvider = import_credentials.default.default || import_credentials.default;
+var Credentials = import_credentials.default.default || import_credentials.default;
 async function validateTokens(accessToken, authDomain) {
   try {
     const response = await fetch(`${authDomain}/userinfo`, {
@@ -129,18 +139,18 @@ async function validateTokens(accessToken, authDomain) {
     return null;
   }
 }
-function createAuthOptions(config) {
+function createAuthConfig(config) {
   const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
   return {
     providers: [
-      CredentialsProvider({
+      Credentials({
         id: IMMUTABLE_PROVIDER_ID,
         name: "Immutable",
         credentials: {
           tokens: { label: "Tokens", type: "text" }
         },
         async authorize(credentials) {
-          if (!credentials?.tokens) {
+          if (!credentials?.tokens || typeof credentials.tokens !== "string") {
             return null;
           }
           let tokenData;
@@ -183,6 +193,7 @@ function createAuthOptions(config) {
       })
     ],
     callbacks: {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       async jwt({
         token,
         user,
@@ -203,13 +214,14 @@ function createAuthOptions(config) {
           };
         }
         if (trigger === "update" && sessionUpdate) {
+          const update = sessionUpdate;
           return {
             ...token,
-            ...sessionUpdate.accessToken && { accessToken: sessionUpdate.accessToken },
-            ...sessionUpdate.refreshToken && { refreshToken: sessionUpdate.refreshToken },
-            ...sessionUpdate.idToken && { idToken: sessionUpdate.idToken },
-            ...sessionUpdate.accessTokenExpires && { accessTokenExpires: sessionUpdate.accessTokenExpires },
-            ...sessionUpdate.zkEvm && { zkEvm: sessionUpdate.zkEvm }
+            ...update.accessToken ? { accessToken: update.accessToken } : {},
+            ...update.refreshToken ? { refreshToken: update.refreshToken } : {},
+            ...update.idToken ? { idToken: update.idToken } : {},
+            ...update.accessTokenExpires ? { accessTokenExpires: update.accessTokenExpires } : {},
+            ...update.zkEvm ? { zkEvm: update.zkEvm } : {}
           };
         }
         if (!isTokenExpired(token.accessTokenExpires)) {
@@ -217,10 +229,12 @@ function createAuthOptions(config) {
         }
         return refreshAccessToken(token, config);
       },
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       async session({ session, token }) {
         return {
           ...session,
           user: {
+            ...session.user,
             sub: token.sub,
             email: token.email,
             nickname: token.nickname
@@ -238,25 +252,24 @@ function createAuthOptions(config) {
       strategy: "jwt",
       // Session max age in seconds (30 days default)
       maxAge: DEFAULT_SESSION_MAX_AGE_SECONDS
-    },
-    // Use NEXTAUTH_SECRET from environment
-    secret: process.env.NEXTAUTH_SECRET
+    }
   };
 }
 
 // src/index.ts
+var import_auth = require("@imtbl/auth");
 var NextAuth = import_next_auth.default.default || import_next_auth.default;
-function ImmutableAuth(config, overrides) {
-  const authOptions = createAuthOptions(config);
+function createImmutableAuth(config, overrides) {
+  const authConfig = createAuthConfig(config);
   if (!overrides) {
-    return NextAuth(authOptions);
+    return NextAuth(authConfig);
   }
   const composedCallbacks = {
-    ...authOptions.callbacks
+    ...authConfig.callbacks
   };
   if (overrides.callbacks) {
     if (overrides.callbacks.jwt) {
-      const internalJwt = authOptions.callbacks?.jwt;
+      const internalJwt = authConfig.callbacks?.jwt;
       const userJwt = overrides.callbacks.jwt;
       composedCallbacks.jwt = async (params) => {
         const token = internalJwt ? await internalJwt(params) : params.token;
@@ -264,7 +277,7 @@ function ImmutableAuth(config, overrides) {
       };
     }
     if (overrides.callbacks.session) {
-      const internalSession = authOptions.callbacks?.session;
+      const internalSession = authConfig.callbacks?.session;
       const userSession = overrides.callbacks.session;
       composedCallbacks.session = async (params) => {
         const session = internalSession ? await internalSession(params) : params.session;
@@ -278,16 +291,24 @@ function ImmutableAuth(config, overrides) {
       composedCallbacks.redirect = overrides.callbacks.redirect;
     }
   }
-  const mergedOptions = {
-    ...authOptions,
+  const mergedConfig = {
+    ...authConfig,
     ...overrides,
     callbacks: composedCallbacks
   };
-  return NextAuth(mergedOptions);
+  return NextAuth(mergedConfig);
 }
+var ImmutableAuth = createImmutableAuth;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN,
+  DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_SCOPE,
   ImmutableAuth,
+  MarketingConsentStatus,
+  createAuthConfig,
+  createImmutableAuth,
   isTokenExpired,
   refreshAccessToken
 });

package/dist/node/index.js

@@ -1,53 +1,24 @@
 import {
-  createAuthOptions,
+  DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN,
+  DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_SCOPE,
+  ImmutableAuth,
+  MarketingConsentStatus,
+  createAuthConfig,
+  createImmutableAuth,
   isTokenExpired,
   refreshAccessToken
-} from "./chunk-OPPMGNFZ.js";
-
-// src/index.ts
-import NextAuthDefault from "next-auth";
-var NextAuth = NextAuthDefault.default || NextAuthDefault;
-function ImmutableAuth(config, overrides) {
-  const authOptions = createAuthOptions(config);
-  if (!overrides) {
-    return NextAuth(authOptions);
-  }
-  const composedCallbacks = {
-    ...authOptions.callbacks
-  };
-  if (overrides.callbacks) {
-    if (overrides.callbacks.jwt) {
-      const internalJwt = authOptions.callbacks?.jwt;
-      const userJwt = overrides.callbacks.jwt;
-      composedCallbacks.jwt = async (params) => {
-        const token = internalJwt ? await internalJwt(params) : params.token;
-        return userJwt({ ...params, token });
-      };
-    }
-    if (overrides.callbacks.session) {
-      const internalSession = authOptions.callbacks?.session;
-      const userSession = overrides.callbacks.session;
-      composedCallbacks.session = async (params) => {
-        const session = internalSession ? await internalSession(params) : params.session;
-        return userSession({ ...params, session });
-      };
-    }
-    if (overrides.callbacks.signIn) {
-      composedCallbacks.signIn = overrides.callbacks.signIn;
-    }
-    if (overrides.callbacks.redirect) {
-      composedCallbacks.redirect = overrides.callbacks.redirect;
-    }
-  }
-  const mergedOptions = {
-    ...authOptions,
-    ...overrides,
-    callbacks: composedCallbacks
-  };
-  return NextAuth(mergedOptions);
-}
+} from "./chunk-BRDI4KXS.js";
 export {
+  DEFAULT_AUDIENCE,
+  DEFAULT_AUTH_DOMAIN,
+  DEFAULT_NEXTAUTH_BASE_PATH,
+  DEFAULT_SCOPE,
   ImmutableAuth,
+  MarketingConsentStatus,
+  createAuthConfig,
+  createImmutableAuth,
   isTokenExpired,
   refreshAccessToken
 };

package/dist/node/server/index.cjs

@@ -30,13 +30,16 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/server/index.ts
 var server_exports = {};
 __export(server_exports, {
-  getImmutableSession: () => getImmutableSession,
-  withPageAuthRequired: () => withPageAuthRequired
+  createAuthConfig: () => createAuthConfig,
+  createAuthMiddleware: () => createAuthMiddleware,
+  createImmutableAuth: () => createImmutableAuth,
+  withAuth: () => withAuth
 });
 module.exports = __toCommonJS(server_exports);
+var import_server = require("next/server");
 
-// src/server/with-page-auth.ts
-var import_next_auth = require("next-auth");
+// src/index.ts
+var import_next_auth = __toESM(require("next-auth"), 1);
 
 // src/config.ts
 var import_credentials = __toESM(require("next-auth/providers/credentials"), 1);
@@ -111,7 +114,7 @@ function isTokenExpired(accessTokenExpires, bufferSeconds = TOKEN_EXPIRY_BUFFER_
 }
 
 // src/config.ts
-var CredentialsProvider = import_credentials.default.default || import_credentials.default;
+var Credentials = import_credentials.default.default || import_credentials.default;
 async function validateTokens(accessToken, authDomain) {
   try {
     const response = await fetch(`${authDomain}/userinfo`, {
@@ -130,18 +133,18 @@ async function validateTokens(accessToken, authDomain) {
     return null;
   }
 }
-function createAuthOptions(config) {
+function createAuthConfig(config) {
   const authDomain = config.authenticationDomain || DEFAULT_AUTH_DOMAIN;
   return {
     providers: [
-      CredentialsProvider({
+      Credentials({
         id: IMMUTABLE_PROVIDER_ID,
         name: "Immutable",
         credentials: {
           tokens: { label: "Tokens", type: "text" }
         },
         async authorize(credentials) {
-          if (!credentials?.tokens) {
+          if (!credentials?.tokens || typeof credentials.tokens !== "string") {
             return null;
           }
           let tokenData;
@@ -184,6 +187,7 @@ function createAuthOptions(config) {
       })
     ],
     callbacks: {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       async jwt({
         token,
         user,
@@ -204,13 +208,14 @@ function createAuthOptions(config) {
           };
         }
         if (trigger === "update" && sessionUpdate) {
+          const update = sessionUpdate;
           return {
             ...token,
-            ...sessionUpdate.accessToken && { accessToken: sessionUpdate.accessToken },
-            ...sessionUpdate.refreshToken && { refreshToken: sessionUpdate.refreshToken },
-            ...sessionUpdate.idToken && { idToken: sessionUpdate.idToken },
-            ...sessionUpdate.accessTokenExpires && { accessTokenExpires: sessionUpdate.accessTokenExpires },
-            ...sessionUpdate.zkEvm && { zkEvm: sessionUpdate.zkEvm }
+            ...update.accessToken ? { accessToken: update.accessToken } : {},
+            ...update.refreshToken ? { refreshToken: update.refreshToken } : {},
+            ...update.idToken ? { idToken: update.idToken } : {},
+            ...update.accessTokenExpires ? { accessTokenExpires: update.accessTokenExpires } : {},
+            ...update.zkEvm ? { zkEvm: update.zkEvm } : {}
           };
         }
         if (!isTokenExpired(token.accessTokenExpires)) {
@@ -218,10 +223,12 @@ function createAuthOptions(config) {
         }
         return refreshAccessToken(token, config);
       },
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       async session({ session, token }) {
         return {
           ...session,
           user: {
+            ...session.user,
             sub: token.sub,
             email: token.email,
             nickname: token.nickname
@@ -239,62 +246,103 @@ function createAuthOptions(config) {
       strategy: "jwt",
       // Session max age in seconds (30 days default)
       maxAge: DEFAULT_SESSION_MAX_AGE_SECONDS
-    },
-    // Use NEXTAUTH_SECRET from environment
-    secret: process.env.NEXTAUTH_SECRET
+    }
   };
 }
 
-// src/server/with-page-auth.ts
-async function getImmutableSession(req, res, config) {
-  const authOptions = createAuthOptions(config);
-  return (0, import_next_auth.getServerSession)(req, res, authOptions);
-}
-function withPageAuthRequired(config, options = {}) {
-  const {
-    loginUrl = "/login",
-    returnTo,
-    getServerSideProps: customGetServerSideProps
-  } = options;
-  const authOptions = createAuthOptions(config);
-  return async (ctx) => {
-    const session = await (0, import_next_auth.getServerSession)(ctx.req, ctx.res, authOptions);
-    if (!session) {
-      let destination = loginUrl;
-      if (returnTo !== false) {
-        const returnPath = returnTo || ctx.resolvedUrl;
-        const separator = loginUrl.includes("?") ? "&" : "?";
-        destination = `${loginUrl}${separator}returnTo=${encodeURIComponent(returnPath)}`;
-      }
-      return {
-        redirect: {
-          destination,
-          permanent: false
-        }
+// src/index.ts
+var import_auth = require("@imtbl/auth");
+var NextAuth = import_next_auth.default.default || import_next_auth.default;
+function createImmutableAuth(config, overrides) {
+  const authConfig = createAuthConfig(config);
+  if (!overrides) {
+    return NextAuth(authConfig);
+  }
+  const composedCallbacks = {
+    ...authConfig.callbacks
+  };
+  if (overrides.callbacks) {
+    if (overrides.callbacks.jwt) {
+      const internalJwt = authConfig.callbacks?.jwt;
+      const userJwt = overrides.callbacks.jwt;
+      composedCallbacks.jwt = async (params) => {
+        const token = internalJwt ? await internalJwt(params) : params.token;
+        return userJwt({ ...params, token });
       };
     }
-    if (customGetServerSideProps) {
-      const result = await customGetServerSideProps(ctx, session);
-      if ("redirect" in result || "notFound" in result) {
-        return result;
-      }
-      const userProps = await result.props;
-      return {
-        props: {
-          ...userProps,
-          session
-        }
+    if (overrides.callbacks.session) {
+      const internalSession = authConfig.callbacks?.session;
+      const userSession = overrides.callbacks.session;
+      composedCallbacks.session = async (params) => {
+        const session = internalSession ? await internalSession(params) : params.session;
+        return userSession({ ...params, session });
       };
     }
-    return {
-      props: {
-        session
+    if (overrides.callbacks.signIn) {
+      composedCallbacks.signIn = overrides.callbacks.signIn;
+    }
+    if (overrides.callbacks.redirect) {
+      composedCallbacks.redirect = overrides.callbacks.redirect;
+    }
+  }
+  const mergedConfig = {
+    ...authConfig,
+    ...overrides,
+    callbacks: composedCallbacks
+  };
+  return NextAuth(mergedConfig);
+}
+
+// src/server/index.ts
+function createAuthMiddleware(auth, options = {}) {
+  const { loginUrl = "/login", protectedPaths, publicPaths } = options;
+  return async function middleware(request) {
+    const { pathname } = request.nextUrl;
+    if (publicPaths) {
+      const isPublic = publicPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return pathname === pattern || pathname.startsWith(pattern);
+        }
+        return pattern.test(pathname);
+      });
+      if (isPublic) {
+        return import_server.NextResponse.next();
       }
-    };
+    }
+    if (protectedPaths) {
+      const isProtected = protectedPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return pathname === pattern || pathname.startsWith(pattern);
+        }
+        return pattern.test(pathname);
+      });
+      if (!isProtected) {
+        return import_server.NextResponse.next();
+      }
+    }
+    const session = await auth();
+    if (!session) {
+      const url = new URL(loginUrl, request.url);
+      const returnTo = request.nextUrl.search ? `${pathname}${request.nextUrl.search}` : pathname;
+      url.searchParams.set("returnTo", returnTo);
+      return import_server.NextResponse.redirect(url);
+    }
+    return import_server.NextResponse.next();
+  };
+}
+function withAuth(auth, handler) {
+  return async (...args) => {
+    const session = await auth();
+    if (!session) {
+      throw new Error("Unauthorized: No active session");
+    }
+    return handler(session, ...args);
   };
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  getImmutableSession,
-  withPageAuthRequired
+  createAuthConfig,
+  createAuthMiddleware,
+  createImmutableAuth,
+  withAuth
 });

package/dist/node/server/index.js

@@ -1,57 +1,58 @@
 import {
-  createAuthOptions
-} from "../chunk-OPPMGNFZ.js";
+  createAuthConfig,
+  createImmutableAuth
+} from "../chunk-BRDI4KXS.js";
 
-// src/server/with-page-auth.ts
-import { getServerSession as nextAuthGetServerSession } from "next-auth";
-async function getImmutableSession(req, res, config) {
-  const authOptions = createAuthOptions(config);
-  return nextAuthGetServerSession(req, res, authOptions);
-}
-function withPageAuthRequired(config, options = {}) {
-  const {
-    loginUrl = "/login",
-    returnTo,
-    getServerSideProps: customGetServerSideProps
-  } = options;
-  const authOptions = createAuthOptions(config);
-  return async (ctx) => {
-    const session = await nextAuthGetServerSession(ctx.req, ctx.res, authOptions);
-    if (!session) {
-      let destination = loginUrl;
-      if (returnTo !== false) {
-        const returnPath = returnTo || ctx.resolvedUrl;
-        const separator = loginUrl.includes("?") ? "&" : "?";
-        destination = `${loginUrl}${separator}returnTo=${encodeURIComponent(returnPath)}`;
-      }
-      return {
-        redirect: {
-          destination,
-          permanent: false
+// src/server/index.ts
+import { NextResponse } from "next/server";
+function createAuthMiddleware(auth, options = {}) {
+  const { loginUrl = "/login", protectedPaths, publicPaths } = options;
+  return async function middleware(request) {
+    const { pathname } = request.nextUrl;
+    if (publicPaths) {
+      const isPublic = publicPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return pathname === pattern || pathname.startsWith(pattern);
         }
-      };
-    }
-    if (customGetServerSideProps) {
-      const result = await customGetServerSideProps(ctx, session);
-      if ("redirect" in result || "notFound" in result) {
-        return result;
+        return pattern.test(pathname);
+      });
+      if (isPublic) {
+        return NextResponse.next();
       }
-      const userProps = await result.props;
-      return {
-        props: {
-          ...userProps,
-          session
-        }
-      };
     }
-    return {
-      props: {
-        session
+    if (protectedPaths) {
+      const isProtected = protectedPaths.some((pattern) => {
+        if (typeof pattern === "string") {
+          return pathname === pattern || pathname.startsWith(pattern);
+        }
+        return pattern.test(pathname);
+      });
+      if (!isProtected) {
+        return NextResponse.next();
       }
-    };
+    }
+    const session = await auth();
+    if (!session) {
+      const url = new URL(loginUrl, request.url);
+      const returnTo = request.nextUrl.search ? `${pathname}${request.nextUrl.search}` : pathname;
+      url.searchParams.set("returnTo", returnTo);
+      return NextResponse.redirect(url);
+    }
+    return NextResponse.next();
+  };
+}
+function withAuth(auth, handler) {
+  return async (...args) => {
+    const session = await auth();
+    if (!session) {
+      throw new Error("Unauthorized: No active session");
+    }
+    return handler(session, ...args);
   };
 }
 export {
-  getImmutableSession,
-  withPageAuthRequired
+  createAuthConfig,
+  createAuthMiddleware,
+  createImmutableAuth,
+  withAuth
 };