@imtbl/auth-nextjs 2.12.4-alpha.4 → 2.12.4-alpha.6

package/dist/types/client/callback.d.ts

@@ -19,18 +19,23 @@ export interface CallbackPageProps {
     errorComponent?: (error: string) => React.ReactElement | null;
 }
 /**
- * Callback page component for handling OAuth redirects.
+ * Callback page component for handling OAuth redirects (App Router version).
  *
  * Use this in your callback page to process authentication responses.
  *
  * @example
  * ```tsx
- * // pages/callback.tsx
+ * // app/callback/page.tsx
+ * "use client";
  * import { CallbackPage } from "@imtbl/auth-nextjs/client";
- * import { immutableConfig } from "@/lib/auth-nextjs";
+ *
+ * const config = {
+ *   clientId: process.env.NEXT_PUBLIC_IMMUTABLE_CLIENT_ID!,
+ *   redirectUri: `${process.env.NEXT_PUBLIC_BASE_URL}/callback`,
+ * };
  *
  * export default function Callback() {
- *   return <CallbackPage config={immutableConfig} />;
+ *   return <CallbackPage config={config} />;
  * }
  * ```
  */

package/dist/types/client/index.d.ts

@@ -1,3 +1,5 @@
 export { ImmutableAuthProvider, useImmutableAuth, useAccessToken, } from './provider';
 export { CallbackPage, type CallbackPageProps } from './callback';
 export type { ImmutableAuthProviderProps, UseImmutableAuthReturn, ImmutableAuthConfig, ImmutableUser, } from '../types';
+export type { LoginOptions, DirectLoginOptions } from '@imtbl/auth';
+export { MarketingConsentStatus } from '@imtbl/auth';

package/dist/types/client/provider.d.ts

@@ -1,12 +1,13 @@
 import type { ImmutableAuthProviderProps, UseImmutableAuthReturn } from '../types';
 /**
- * Provider component for Immutable authentication with NextAuth
+ * Provider component for Immutable authentication with Auth.js v5
  *
  * Wraps your app to provide authentication state via useImmutableAuth hook.
  *
- * @example
+ * @example App Router (recommended)
  * ```tsx
- * // pages/_app.tsx
+ * // app/providers.tsx
+ * "use client";
  * import { ImmutableAuthProvider } from "@imtbl/auth-nextjs/client";
  *
  * const config = {
@@ -14,13 +15,26 @@ import type { ImmutableAuthProviderProps, UseImmutableAuthReturn } from '../type
  *   redirectUri: `${process.env.NEXT_PUBLIC_BASE_URL}/callback`,
  * };
  *
- * export default function App({ Component, pageProps }: AppProps) {
+ * export function Providers({ children }: { children: React.ReactNode }) {
  *   return (
- *     <ImmutableAuthProvider config={config} session={pageProps.session}>
- *       <Component {...pageProps} />
+ *     <ImmutableAuthProvider config={config}>
+ *       {children}
  *     </ImmutableAuthProvider>
  *   );
  * }
+ *
+ * // app/layout.tsx
+ * import { Providers } from "./providers";
+ *
+ * export default function RootLayout({ children }: { children: React.ReactNode }) {
+ *   return (
+ *     <html>
+ *       <body>
+ *         <Providers>{children}</Providers>
+ *       </body>
+ *     </html>
+ *   );
+ * }
  * ```
  */
 export declare function ImmutableAuthProvider({ children, config, session, basePath, }: ImmutableAuthProviderProps): import("react/jsx-runtime").JSX.Element;

package/dist/types/config.d.ts

@@ -1,23 +1,21 @@
-import type { NextAuthOptions } from 'next-auth';
+import type { NextAuthConfig } from 'next-auth';
 import type { ImmutableAuthConfig } from './types';
 /**
- * Create NextAuth options configured for Immutable authentication
+ * Create Auth.js v5 configuration for Immutable authentication
  *
  * @example
  * ```typescript
  * // lib/auth.ts
- * import { createAuthOptions } from "@imtbl/auth-nextjs";
+ * import NextAuth from "next-auth";
+ * import { createAuthConfig } from "@imtbl/auth-nextjs";
  *
- * export const authOptions = createAuthOptions({
+ * const config = {
  *   clientId: process.env.NEXT_PUBLIC_IMMUTABLE_CLIENT_ID!,
  *   redirectUri: `${process.env.NEXT_PUBLIC_BASE_URL}/callback`,
- * });
- *
- * // pages/api/auth/[...nextauth].ts
- * import NextAuth from "next-auth";
- * import { authOptions } from "@/lib/auth";
+ * };
  *
- * export default NextAuth(authOptions);
+ * export const { handlers, auth, signIn, signOut } = NextAuth(createAuthConfig(config));
  * ```
  */
-export declare function createAuthOptions(config: ImmutableAuthConfig): NextAuthOptions;
+export declare function createAuthConfig(config: ImmutableAuthConfig): NextAuthConfig;
+export declare const createAuthOptions: typeof createAuthConfig;

package/dist/types/index.d.ts

@@ -1,15 +1,22 @@
-import { type NextAuthOptions } from 'next-auth';
+import NextAuthImport from 'next-auth';
+import type { NextAuthConfig } from 'next-auth';
 import type { ImmutableAuthConfig } from './types';
+declare const NextAuth: typeof NextAuthImport;
 /**
- * NextAuth options that can be overridden.
+ * Auth.js v5 config options that can be overridden.
  * Excludes 'providers' as that's managed internally.
  */
-export type ImmutableAuthOverrides = Omit<NextAuthOptions, 'providers'>;
+export type ImmutableAuthOverrides = Omit<NextAuthConfig, 'providers'>;
 /**
- * Create a NextAuth handler with Immutable authentication
+ * Return type of createImmutableAuth - the NextAuth instance with handlers
+ */
+export type ImmutableAuthResult = ReturnType<typeof NextAuth>;
+/**
+ * Create an Auth.js v5 instance with Immutable authentication
  *
  * @param config - Immutable auth configuration
- * @param overrides - Optional NextAuth options to override defaults
+ * @param overrides - Optional Auth.js options to override defaults
+ * @returns NextAuth instance with { handlers, auth, signIn, signOut }
  *
  * @remarks
  * Callback composition: The `jwt` and `session` callbacks are composed rather than
@@ -17,20 +24,24 @@ export type ImmutableAuthOverrides = Omit<NextAuthOptions, 'providers'>;
  * your custom callbacks receive the result. Other callbacks (`signIn`, `redirect`)
  * are replaced entirely if provided.
  *
- * @example Basic usage
+ * @example Basic usage (App Router)
  * ```typescript
- * // pages/api/auth/[...nextauth].ts
- * import { ImmutableAuth } from "@imtbl/auth-nextjs";
+ * // lib/auth.ts
+ * import { createImmutableAuth } from "@imtbl/auth-nextjs";
  *
- * export default ImmutableAuth({
+ * export const { handlers, auth, signIn, signOut } = createImmutableAuth({
  *   clientId: process.env.NEXT_PUBLIC_IMMUTABLE_CLIENT_ID!,
  *   redirectUri: `${process.env.NEXT_PUBLIC_BASE_URL}/callback`,
  * });
+ *
+ * // app/api/auth/[...nextauth]/route.ts
+ * import { handlers } from "@/lib/auth";
+ * export const { GET, POST } = handlers;
  * ```
  *
- * @example With NextAuth overrides
+ * @example With Auth.js overrides
  * ```typescript
- * export default ImmutableAuth(
+ * export const { handlers, auth } = createImmutableAuth(
  *   { clientId: "...", redirectUri: "..." },
  *   {
  *     pages: { signIn: "/custom-login", error: "/auth-error" },
@@ -41,7 +52,7 @@ export type ImmutableAuthOverrides = Omit<NextAuthOptions, 'providers'>;
  *
  * @example With custom jwt callback (composed with internal callback)
  * ```typescript
- * export default ImmutableAuth(
+ * export const { handlers, auth } = createImmutableAuth(
  *   { clientId: "...", redirectUri: "..." },
  *   {
  *     callbacks: {
@@ -56,6 +67,11 @@ export type ImmutableAuthOverrides = Omit<NextAuthOptions, 'providers'>;
  * );
  * ```
  */
-export declare function ImmutableAuth(config: ImmutableAuthConfig, overrides?: ImmutableAuthOverrides): any;
-export type { ImmutableAuthConfig, ImmutableTokenData, ImmutableUser, ZkEvmInfo, WithPageAuthRequiredOptions, } from './types';
+export declare function createImmutableAuth(config: ImmutableAuthConfig, overrides?: ImmutableAuthOverrides): ImmutableAuthResult;
+export declare const ImmutableAuth: typeof createImmutableAuth;
+export { createAuthConfig } from './config';
+export type { ImmutableAuthConfig, ImmutableTokenData, ImmutableUser, ZkEvmInfo, } from './types';
+export type { LoginOptions, DirectLoginOptions } from '@imtbl/auth';
+export { MarketingConsentStatus } from '@imtbl/auth';
 export { refreshAccessToken, isTokenExpired } from './refresh';
+export { DEFAULT_AUTH_DOMAIN, DEFAULT_AUDIENCE, DEFAULT_SCOPE, DEFAULT_NEXTAUTH_BASE_PATH, } from './constants';

package/dist/types/refresh.d.ts

@@ -2,7 +2,7 @@ import type { JWT } from 'next-auth/jwt';
 import type { ImmutableAuthConfig } from './types';
 /**
  * Refresh the access token using the refresh token
- * Called by NextAuth JWT callback when token is expired
+ * Called by Auth.js JWT callback when token is expired
  */
 export declare function refreshAccessToken(token: JWT, config: ImmutableAuthConfig): Promise<JWT>;
 /**

package/dist/types/server/index.d.ts

@@ -1,2 +1,104 @@
-export { withPageAuthRequired, getImmutableSession, type WithPageAuthRequiredFullOptions, type WithPageAuthRequiredProps, } from './with-page-auth';
-export type { WithPageAuthRequiredOptions } from '../types';
+import { type NextRequest, NextResponse } from 'next/server';
+import type { Session } from 'next-auth';
+export { createImmutableAuth, createAuthConfig } from '../index';
+/**
+ * Options for createAuthMiddleware
+ */
+export interface AuthMiddlewareOptions {
+    /**
+     * URL to redirect to when not authenticated
+     * @default "/login"
+     */
+    loginUrl?: string;
+    /**
+     * Paths that should be protected (regex patterns)
+     * If not provided, middleware should be configured via Next.js matcher
+     */
+    protectedPaths?: (string | RegExp)[];
+    /**
+     * Paths that should be excluded from protection (regex patterns)
+     * Takes precedence over protectedPaths
+     */
+    publicPaths?: (string | RegExp)[];
+}
+/**
+ * Type for the auth function returned by createImmutableAuth
+ */
+export type AuthFunction = () => Promise<Session | null>;
+/**
+ * Create a Next.js middleware for protecting routes with Immutable authentication.
+ *
+ * This is the App Router replacement for `withPageAuthRequired`.
+ *
+ * @param auth - The auth function from createImmutableAuth
+ * @param options - Middleware options
+ * @returns A Next.js middleware function
+ *
+ * @example Basic usage with Next.js middleware:
+ * ```typescript
+ * // middleware.ts
+ * import { createAuthMiddleware } from "@imtbl/auth-nextjs/server";
+ * import { auth } from "@/lib/auth";
+ *
+ * export default createAuthMiddleware(auth, {
+ *   loginUrl: "/login",
+ * });
+ *
+ * export const config = {
+ *   matcher: ["/dashboard/:path*", "/profile/:path*"],
+ * };
+ * ```
+ *
+ * @example With path configuration:
+ * ```typescript
+ * export default createAuthMiddleware(auth, {
+ *   loginUrl: "/login",
+ *   protectedPaths: [/^\/dashboard/, /^\/profile/],
+ *   publicPaths: [/^\/api\/public/],
+ * });
+ * ```
+ */
+export declare function createAuthMiddleware(auth: AuthFunction, options?: AuthMiddlewareOptions): (request: NextRequest) => Promise<NextResponse<unknown>>;
+/**
+ * Higher-order function to protect a Server Action or Route Handler.
+ *
+ * The returned function forwards all arguments from Next.js to your handler,
+ * allowing access to the request, context, form data, or any other arguments.
+ *
+ * @param auth - The auth function from createImmutableAuth
+ * @param handler - The handler function to protect. Receives session as first arg,
+ *                  followed by any arguments passed by Next.js (request, context, etc.)
+ * @returns A protected handler that checks authentication before executing
+ *
+ * @example Protecting a Route Handler with request access:
+ * ```typescript
+ * // app/api/protected/route.ts
+ * import { withAuth } from "@imtbl/auth-nextjs/server";
+ * import { auth } from "@/lib/auth";
+ *
+ * export const POST = withAuth(auth, async (session, request: Request) => {
+ *   const body = await request.json();
+ *   return Response.json({ user: session.user, data: body });
+ * });
+ *
+ * export const GET = withAuth(auth, async (session, request: Request, context) => {
+ *   const { params } = context;
+ *   return Response.json({ user: session.user, params: await params });
+ * });
+ * ```
+ *
+ * @example Protecting a Server Action:
+ * ```typescript
+ * // app/actions.ts
+ * "use server";
+ * import { withAuth } from "@imtbl/auth-nextjs/server";
+ * import { auth } from "@/lib/auth";
+ *
+ * export const protectedAction = withAuth(auth, async (session, formData: FormData) => {
+ *   const userId = session.user.sub;
+ *   const name = formData.get("name");
+ *   // ... your action logic
+ * });
+ * ```
+ */
+export declare function withAuth<TArgs extends unknown[], TReturn>(auth: AuthFunction, handler: (session: Session, ...args: TArgs) => Promise<TReturn>): (...args: TArgs) => Promise<TReturn>;

package/dist/types/types.d.ts

@@ -1,7 +1,7 @@
-import type { DefaultSession, DefaultUser, Session } from 'next-auth';
-import type { DefaultJWT } from 'next-auth/jwt';
+import type { DefaultSession, Session } from 'next-auth';
+import type { JWT } from 'next-auth/jwt';
 /**
- * Configuration for ImmutableAuthProvider and createAuthOptions
+ * Configuration for ImmutableAuthProvider and createImmutableAuth
  */
 export interface ImmutableAuthConfig {
     /**
@@ -45,11 +45,11 @@ export interface ImmutableUser {
     nickname?: string;
 }
 /**
- * NextAuth module augmentation to add Immutable-specific fields
+ * Auth.js v5 module augmentation to add Immutable-specific fields
  */
 declare module 'next-auth' {
     interface Session extends DefaultSession {
-        user: ImmutableUser;
+        user: ImmutableUser & DefaultSession['user'];
         accessToken: string;
         refreshToken?: string;
         idToken?: string;
@@ -57,9 +57,10 @@ declare module 'next-auth' {
         zkEvm?: ZkEvmInfo;
         error?: string;
     }
-    interface User extends DefaultUser {
+    interface User {
+        id: string;
         sub: string;
-        email?: string;
+        email?: string | null;
         nickname?: string;
         accessToken: string;
         refreshToken?: string;
@@ -69,20 +70,20 @@ declare module 'next-auth' {
     }
 }
 declare module 'next-auth/jwt' {
-    interface JWT extends DefaultJWT {
-        sub: string;
-        email?: string;
+    interface JWT {
+        sub?: string;
+        email?: string | null;
         nickname?: string;
-        accessToken: string;
+        accessToken?: string;
         refreshToken?: string;
         idToken?: string;
-        accessTokenExpires: number;
+        accessTokenExpires?: number;
         zkEvm?: ZkEvmInfo;
         error?: string;
     }
 }
 /**
- * Token data passed from client to NextAuth credentials provider
+ * Token data passed from client to Auth.js credentials provider
  */
 export interface ImmutableTokenData {
     accessToken: string;
@@ -127,11 +128,11 @@ export interface ImmutableAuthProviderProps {
     config: ImmutableAuthConfig;
     /**
      * Initial session from server (for SSR hydration)
-     * Can be Session from getServerSession or any compatible session object
+     * Can be Session from auth() or any compatible session object
      */
     session?: Session | DefaultSession | null;
     /**
-     * Custom base path for NextAuth API routes
+     * Custom base path for Auth.js API routes
      * Use this when you have multiple auth endpoints (e.g., per environment)
      * @default "/api/auth"
      */
@@ -146,7 +147,7 @@ export interface UseImmutableAuthReturn {
      */
     user: ImmutableUser | null;
     /**
-     * Full NextAuth session with tokens
+     * Full Auth.js session with tokens
      */
     session: Session | null;
     /**
@@ -159,10 +160,11 @@ export interface UseImmutableAuthReturn {
     isAuthenticated: boolean;
     /**
      * Sign in with Immutable (opens popup)
+     * @param options - Optional login options (cached session, silent login, redirect flow, direct login)
      */
-    signIn: () => Promise<void>;
+    signIn: (options?: import('@imtbl/auth').LoginOptions) => Promise<void>;
     /**
-     * Sign out from both NextAuth and Immutable
+     * Sign out from both Auth.js and Immutable
      */
     signOut: () => Promise<void>;
     /**
@@ -174,18 +176,4 @@ export interface UseImmutableAuthReturn {
      */
     auth: import('@imtbl/auth').Auth | null;
 }
-/**
- * Options for withPageAuthRequired
- */
-export interface WithPageAuthRequiredOptions {
-    /**
-     * URL to redirect to when not authenticated
-     * @default "/login"
-     */
-    loginUrl?: string;
-    /**
-     * URL to redirect to after login
-     * @default current page
-     */
-    returnTo?: string | false;
-}
+export type { JWT };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@imtbl/auth-nextjs",
-  "version": "2.12.4-alpha.4",
-  "description": "Next.js authentication integration for Immutable SDK using NextAuth",
+  "version": "2.12.4-alpha.6",
+  "description": "Next.js App Router authentication integration for Immutable SDK using Auth.js v5",
   "author": "Immutable",
   "bugs": "https://github.com/immutable/ts-immutable-sdk/issues",
   "homepage": "https://github.com/immutable/ts-immutable-sdk#readme",
@@ -51,11 +51,11 @@
     "dist"
   ],
   "dependencies": {
-    "@imtbl/auth": "2.12.4-alpha.4"
+    "@imtbl/auth": "2.12.4-alpha.6"
   },
   "peerDependencies": {
     "next": "14.2.25",
-    "next-auth": "^4.24.0",
+    "next-auth": "^5.0.0-beta.30",
     "react": "^18.2.0"
   },
   "devDependencies": {
@@ -67,7 +67,7 @@
     "jest": "^29.4.3",
     "jest-environment-jsdom": "^29.4.3",
     "next": "14.2.25",
-    "next-auth": "^4.24.0",
+    "next-auth": "^5.0.0-beta.30",
     "react": "^18.2.0",
     "ts-node": "^10.9.1",
     "tsup": "^8.3.0",

package/dist/types/server/with-page-auth.d.ts

@@ -1,94 +0,0 @@
-import type { GetServerSideProps, GetServerSidePropsContext, GetServerSidePropsResult } from 'next';
-import type { IncomingMessage, ServerResponse } from 'http';
-import { type Session } from 'next-auth';
-import type { ImmutableAuthConfig, WithPageAuthRequiredOptions } from '../types';
-/**
- * Extended options for withPageAuthRequired
- */
-export interface WithPageAuthRequiredFullOptions<P extends Record<string, unknown> = Record<string, unknown>> extends WithPageAuthRequiredOptions {
-    /**
-     * Custom getServerSideProps that runs after auth check.
-     * Session is guaranteed to exist when this runs.
-     */
-    getServerSideProps?: (ctx: GetServerSidePropsContext, session: Session) => Promise<GetServerSidePropsResult<P>>;
-}
-/**
- * Props added by withPageAuthRequired
- */
-export interface WithPageAuthRequiredProps {
-    session: Session;
-}
-/**
- * Get the Immutable session on the server side.
- *
- * @example
- * ```typescript
- * // pages/api/user.ts
- * import { getImmutableSession } from "@imtbl/auth-nextjs/server";
- *
- * const config = { clientId: "...", redirectUri: "..." };
- *
- * export default async function handler(req, res) {
- *   const session = await getImmutableSession(req, res, config);
- *   if (!session) {
- *     return res.status(401).json({ error: "Not authenticated" });
- *   }
- *   res.json({ user: session.user });
- * }
- * ```
- *
- * @example In getServerSideProps
- * ```typescript
- * export const getServerSideProps = async (ctx) => {
- *   const session = await getImmutableSession(ctx.req, ctx.res, config);
- *   return { props: { user: session?.user ?? null } };
- * };
- * ```
- */
-export declare function getImmutableSession(req: IncomingMessage & {
-    cookies: Partial<Record<string, string>>;
-}, res: ServerResponse, config: ImmutableAuthConfig): Promise<Session | null>;
-/**
- * Higher-order function that protects a page with authentication.
- *
- * When a signed-out user visits the page:
- * 1. Server checks session via getServerSession() → returns null
- * 2. Returns HTTP redirect to login page with returnTo parameter
- * 3. After login, user is redirected back to original page
- *
- * @example Basic usage:
- * ```typescript
- * // pages/dashboard.tsx
- * import { withPageAuthRequired } from "@imtbl/auth-nextjs/server";
- *
- * const config = { clientId: "...", redirectUri: "..." };
- *
- * function DashboardPage() {
- *   // Page only renders if user is authenticated
- *   return <h1>Dashboard</h1>;
- * }
- *
- * export default DashboardPage;
- * export const getServerSideProps = withPageAuthRequired(config);
- * ```
- *
- * @example With additional data fetching:
- * ```typescript
- * export const getServerSideProps = withPageAuthRequired(config, {
- *   async getServerSideProps(ctx, session) {
- *     // session is guaranteed to exist here
- *     const data = await fetchData(session.accessToken);
- *     return { props: { data } };
- *   },
- * });
- * ```
- *
- * @example With custom options:
- * ```typescript
- * export const getServerSideProps = withPageAuthRequired(config, {
- *   loginUrl: "/auth/signin",
- *   returnTo: "/dashboard",
- * });
- * ```
- */
-export declare function withPageAuthRequired<P extends Record<string, unknown> = Record<string, unknown>>(config: ImmutableAuthConfig, options?: WithPageAuthRequiredFullOptions<P>): GetServerSideProps<WithPageAuthRequiredProps & P>;